Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/grafana/grafana/pull/45083 | Issue Tracking Patch Third Party Advisory |
https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w | Mitigation Release Notes Third Party Advisory |
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ | Mitigation Release Notes Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ | |
https://security.netapp.com/advisory/ntap-20220303-0005/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:43
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 Sep 2022, 02:41
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
07 May 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2022, 02:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
First Time |
Netapp
Netapp e-series Performance Analyzer Fedoraproject fedora Fedoraproject |
|
CPE | cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0005/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ - Mailing List, Third Party Advisory |
20 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2022, 18:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.1 |
First Time |
Grafana
Grafana grafana |
|
CPE | cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:* cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:* |
|
References | (MISC) https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ - Mitigation, Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/grafana/grafana/pull/45083 - Issue Tracking, Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w - Mitigation, Release Notes, Third Party Advisory |
08 Feb 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-08 21:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-21703
Mitre link : CVE-2022-21703
CVE.ORG link : CVE-2022-21703
JSON object : View
Products Affected
netapp
- e-series_performance_analyzer
grafana
- grafana
fedoraproject
- fedora
CWE
CWE-352
Cross-Site Request Forgery (CSRF)