[FREEBSD:4B478274-47A0-11EC-BD24-6C3BE5272ACD] Grafana -- XSS
Severity
Medium
Affected Packages
1
CVEs
1
Grafana Labs reports:
If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim’s browser.
The user visiting the malicious link must be unauthenticated, and the link must be for a page that contains the login button in the menu bar.
There are two ways an unauthenticated user can open a page in Grafana that contains the login button:
Anonymous authentication is enabled. This means all pages in Grafana would be open for the attack.
The link is to an unauthenticated page. The following pages are vulnerable:
/dashboard-solo/snapshot/*
/dashboard/snapshot/*
/invite/:code
The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }}
An example of an expression would be: {{constructor.constructor(‘alert(1)’)()}}. This can be included in the link URL like this:
https://play.grafana.org/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1
When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated, and the AngularJS rendering engine will execute the JavaScript expression contained in the URL.
Package | Affected Version |
---|---|
pkg:freebsd/grafana8 | < 8.2.3 |
- ID
- FREEBSD:4B478274-47A0-11EC-BD24-6C3BE5272ACD
- Severity
- medium
- Severity from
- CVE-2021-41174
- URL
- http://vuxml.freebsd.org/freebsd/4b478274-47a0-11ec-bd24-6c3be5272acd.html
- Published
-
2021-10-21T00:00:00
(2 years ago) - Modified
-
2021-12-11T00:00:00
(2 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/grafana8 | grafana8 | < 8.2.3 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |