CVE-2023-1410
Summary
| CVE | CVE-2023-1410 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-23 08:15:00 UTC |
| Updated | 2023-04-20 09:15:00 UTC |
| Description | Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description, and a Grafana admin needs to configure the data source; later, a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Type | Link | Tags |
|---|---|---|---|---|
| 404 Page not found | Grafana Labs | MISC | grafana.com | |
| CVE-2023-1410 Grafana Vulnerability in NetApp Products | NetApp Product Security | MISC | security.netapp.com | |
| github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76 | | MISC | github.com | |
| CVE Program record | CVE.ORG | | www.cve.org | canonical |
| NVD vulnerability detail | NVD | | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 150668 Grafana Stored Cross Site Scripting Vulnerability (CVE-2023-1410)
- 379220 GitLab Multiple Security Vulnerabilities (gitlab- 15.11.1, 15.10.5, and 15.9.6)
- 691127 Free Berkeley Software Distribution (FreeBSD) Security Update for grafana (955eb3cc-ce0b-11ed-825f-6c3be5272acd)
- 730771 Grafana Stored Cross-Site Scripting (XSS) Vulnerability
- 754116 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:2578-1)