[FREEBSD:D4284C2E-8B83-11EC-B369-6C3BE5272ACD] Grafana -- CSRF

Severity: High
Affected Packages: 3
CVEs: 1

Grafana Labs reports:

  On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

Package                 Affected Version
pkg:freebsd/grafana8    < 8.3.5
pkg:freebsd/grafana7    < 7.5.15
pkg:freebsd/grafana6