CVE-2023-1410 Vulnerability Details

  /     /     /  

CVE-2023-1410 Metadata Quick Info

CVE Published: 23/03/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: GRAFANA | Vendor: Grafana | Product: Grafana
Status : PUBLISHED

CVE-2023-1410 Description

Grafana is an open-source platform for monitoring and observability.  Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.  Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.

Metrics

CVSS Version: 3.1 | Base Score: 6.2 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79
Source: Grafana

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-592
CAPEC Description: CAPEC-592


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-1410 Vulnerability Details