Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14NWZoLWZ2dnItODkyZs4AAUas
Grafana XSS Vulnerability
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..
Permalink: https://github.com/advisories/GHSA-x5fh-fvvr-892fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NWZoLWZ2dnItODkyZs4AAUas
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 7 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-x5fh-fvvr-892f, CVE-2018-1000816
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000816
- https://github.com/grafana/grafana/issues/13667
- https://github.com/grafana/grafana/pull/13670
- https://github.com/grafana/grafana/commit/eabb04cec21dc323347da1aab7fcbf2a6e9dd121
- https://github.com/advisories/GHSA-x5fh-fvvr-892f
Blast Radius: 9.2
Affected Packages
go:github.com/grafana/grafana
Dependent packages: 37Dependent repositories: 50
Downloads:
Affected Version Ranges: < 5.3.2
Fixed in: 5.3.2
All affected versions: 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.5.0, 2.6.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1
All unaffected versions: 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.6