csaf_opensuse - opensuse-su-2024:11816-1

opensuse-su-2024:11816-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

grafana-8.3.4-1.1 on GA media

Notes

Title of the patch

grafana-8.3.4-1.1 on GA media

Description of the patch

These are all security issues fixed in the grafana-8.3.4-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11816

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "grafana-8.3.4-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the grafana-8.3.4-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11816",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11816-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-36222 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-36222/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3711 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41174 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41174/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41244 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41244/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43798 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-21673 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-21673/"
      }
    ],
    "title": "grafana-8.3.4-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11816-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-8.3.4-1.1.aarch64",
                "product": {
                  "name": "grafana-8.3.4-1.1.aarch64",
                  "product_id": "grafana-8.3.4-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-8.3.4-1.1.ppc64le",
                "product": {
                  "name": "grafana-8.3.4-1.1.ppc64le",
                  "product_id": "grafana-8.3.4-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-8.3.4-1.1.s390x",
                "product": {
                  "name": "grafana-8.3.4-1.1.s390x",
                  "product_id": "grafana-8.3.4-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-8.3.4-1.1.x86_64",
                "product": {
                  "name": "grafana-8.3.4-1.1.x86_64",
                  "product_id": "grafana-8.3.4-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-8.3.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64"
        },
        "product_reference": "grafana-8.3.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-8.3.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le"
        },
        "product_reference": "grafana-8.3.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-8.3.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x"
        },
        "product_reference": "grafana-8.3.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-8.3.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        },
        "product_reference": "grafana-8.3.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-36222",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-36222"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-36222",
          "url": "https://www.suse.com/security/cve/CVE-2021-36222"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188571 for CVE-2021-36222",
          "url": "https://bugzilla.suse.com/1188571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-36222"
    },
    {
      "cve": "CVE-2021-3711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3711",
          "url": "https://www.suse.com/security/cve/CVE-2021-3711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189520 for CVE-2021-3711",
          "url": "https://bugzilla.suse.com/1189520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190129 for CVE-2021-3711",
          "url": "https://bugzilla.suse.com/1190129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192100 for CVE-2021-3711",
          "url": "https://bugzilla.suse.com/1192100"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205663 for CVE-2021-3711",
          "url": "https://bugzilla.suse.com/1205663"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225628 for CVE-2021-3711",
          "url": "https://bugzilla.suse.com/1225628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-3711"
    },
    {
      "cve": "CVE-2021-41174",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41174"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u0027alert(1)\u0027)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41174",
          "url": "https://www.suse.com/security/cve/CVE-2021-41174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192383 for CVE-2021-41174",
          "url": "https://bugzilla.suse.com/1192383"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41174"
    },
    {
      "cve": "CVE-2021-41244",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41244"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u0027 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41244",
          "url": "https://www.suse.com/security/cve/CVE-2021-41244"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192763 for CVE-2021-41244",
          "url": "https://bugzilla.suse.com/1192763"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-41244"
    },
    {
      "cve": "CVE-2021-43798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43798",
          "url": "https://www.suse.com/security/cve/CVE-2021-43798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193492 for CVE-2021-43798",
          "url": "https://bugzilla.suse.com/1193492"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-43798"
    },
    {
      "cve": "CVE-2022-21673",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-21673"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
          "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-21673",
          "url": "https://www.suse.com/security/cve/CVE-2022-21673"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194873 for CVE-2022-21673",
          "url": "https://bugzilla.suse.com/1194873"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.aarch64",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.ppc64le",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.s390x",
            "openSUSE Tumbleweed:grafana-8.3.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-21673"
    }
  ]
}

CVE-2021-43798 (GCVE-0-2021-43798)

Vulnerability from cvelistv5

Published

2021-12-07 18:25

Modified

2024-08-04 04:03

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

References

►

URL

Tags

	https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p	x_refsource_CONFIRM
	https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce	x_refsource_MISC
	http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html	x_refsource_MISC
	https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/12/09/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/12/10/4	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20211229-0004/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	grafana	grafana	Version: >= 8.0.0, < 8.0.7 Version: >= 8.1.0, < 8.1.8 Version: >= 8.2.0, < 8.2.7 Version: = 8.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html"
          },
          {
            "name": "[oss-security] 20211209 CVE-2021-43798 Grafana directory traversal",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/09/2"
          },
          {
            "name": "[oss-security] 20211210 CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211229-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grafana",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0, \u003c 8.1.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0, \u003c 8.2.7"
            },
            {
              "status": "affected",
              "version": "= 8.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-29T20:06:36",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html"
        },
        {
          "name": "[oss-security] 20211209 CVE-2021-43798 Grafana directory traversal",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/09/2"
        },
        {
          "name": "[oss-security] 20211210 CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211229-0004/"
        }
      ],
      "source": {
        "advisory": "GHSA-8pjx-jj86-j47p",
        "discovery": "UNKNOWN"
      },
      "title": "Grafana path traversal",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-43798",
          "STATE": "PUBLIC",
          "TITLE": "Grafana path traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grafana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.0.7"
                          },
                          {
                            "version_value": "\u003e= 8.1.0, \u003c 8.1.8"
                          },
                          {
                            "version_value": "\u003e= 8.2.0, \u003c 8.2.7"
                          },
                          {
                            "version_value": "= 8.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grafana"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p",
              "refsource": "CONFIRM",
              "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p"
            },
            {
              "name": "https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/commit/c798c0e958d15d9cc7f27c72113d572fa58545ce"
            },
            {
              "name": "http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html"
            },
            {
              "name": "https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/",
              "refsource": "CONFIRM",
              "url": "https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/"
            },
            {
              "name": "http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html"
            },
            {
              "name": "[oss-security] 20211209 CVE-2021-43798 Grafana directory traversal",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/09/2"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-43813 and CVE-2021-43815 - Grafana directory traversal for some .md and .csv files",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/4"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211229-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211229-0004/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-8pjx-jj86-j47p",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-43798",
    "datePublished": "2021-12-07T18:25:10",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-08-04T04:03:08.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-36222 (GCVE-0-2021-36222)

Vulnerability from cvelistv5

Published

2021-07-22 17:28

Modified

2024-08-04 00:54

Severity ?

CWE

Summary

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

References

►

URL

Tags

	https://web.mit.edu/kerberos/advisories/	x_refsource_MISC
	https://github.com/krb5/krb5/releases	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4944	vendor-advisory, x_refsource_DEBIAN
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20211022-0003/	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20211104-0007/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:54:51.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web.mit.edu/kerberos/advisories/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/krb5/krb5/releases"
          },
          {
            "name": "DSA-4944",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211104-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-04T08:06:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web.mit.edu/kerberos/advisories/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/krb5/krb5/releases"
        },
        {
          "name": "DSA-4944",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211104-0007/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-36222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web.mit.edu/kerberos/advisories/",
              "refsource": "MISC",
              "url": "https://web.mit.edu/kerberos/advisories/"
            },
            {
              "name": "https://github.com/krb5/krb5/releases",
              "refsource": "MISC",
              "url": "https://github.com/krb5/krb5/releases"
            },
            {
              "name": "DSA-4944",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4944"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562",
              "refsource": "CONFIRM",
              "url": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211022-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211104-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211104-0007/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-36222",
    "datePublished": "2021-07-22T17:28:47",
    "dateReserved": "2021-07-07T00:00:00",
    "dateUpdated": "2024-08-04T00:54:51.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41174 (GCVE-0-2021-41174)

Vulnerability from cvelistv5

Published

2021-11-03 18:00

Modified

2024-08-04 02:59

Severity ?

6.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(‘alert(1)’)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.

References

►

URL

Tags

	https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8	x_refsource_CONFIRM
	https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912	x_refsource_MISC
	https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82	x_refsource_MISC
	https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20211125-0003/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	grafana	grafana	Version: >= 8.0.0, < 8.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211125-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grafana",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u2018alert(1)\u2019)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-25T06:06:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211125-0003/"
        }
      ],
      "source": {
        "advisory": "GHSA-3j9m-hcv9-rpj8",
        "discovery": "UNKNOWN"
      },
      "title": "XSS vulnerability allowing arbitrary JavaScript execution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41174",
          "STATE": "PUBLIC",
          "TITLE": "XSS vulnerability allowing arbitrary JavaScript execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grafana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grafana"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u2018alert(1)\u2019)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8",
              "refsource": "CONFIRM",
              "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8"
            },
            {
              "name": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912"
            },
            {
              "name": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82"
            },
            {
              "name": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211125-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211125-0003/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-3j9m-hcv9-rpj8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41174",
    "datePublished": "2021-11-03T18:00:12",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-04T02:59:31.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-21673 (GCVE-0-2022-21673)

Vulnerability from cvelistv5

Published

2022-01-18 21:35

Modified

2025-04-23 19:11

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.

References

►

URL

Tags

	https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4	x_refsource_CONFIRM
	https://github.com/grafana/grafana/releases/tag/v7.5.13	x_refsource_MISC
	https://github.com/grafana/grafana/releases/tag/v8.3.4	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220303-0004/	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	grafana	grafana	Version: >= 7.2.0, < 7.5.13 Version: >= 8.0.0, < 8.3.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:46:39.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
          },
          {
            "name": "FEDORA-2022-83405f9d5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
          },
          {
            "name": "FEDORA-2022-9dd03cab55",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
          },
          {
            "name": "FEDORA-2022-c5383675d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:12:04.035353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:11:00.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grafana",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.2.0, \u003c 7.5.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-07T07:06:34.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
        },
        {
          "name": "FEDORA-2022-83405f9d5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
        },
        {
          "name": "FEDORA-2022-9dd03cab55",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
        },
        {
          "name": "FEDORA-2022-c5383675d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
        }
      ],
      "source": {
        "advisory": "GHSA-8wjh-59cw-9xh4",
        "discovery": "UNKNOWN"
      },
      "title": "OAuth Identity Token exposure in Grafana",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21673",
          "STATE": "PUBLIC",
          "TITLE": "OAuth Identity Token exposure in Grafana"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grafana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 7.2.0, \u003c 7.5.13"
                          },
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grafana"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4",
              "refsource": "CONFIRM",
              "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
            },
            {
              "name": "https://github.com/grafana/grafana/releases/tag/v7.5.13",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
            },
            {
              "name": "https://github.com/grafana/grafana/releases/tag/v8.3.4",
              "refsource": "MISC",
              "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220303-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
            },
            {
              "name": "FEDORA-2022-83405f9d5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
            },
            {
              "name": "FEDORA-2022-9dd03cab55",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
            },
            {
              "name": "FEDORA-2022-c5383675d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-8wjh-59cw-9xh4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21673",
    "datePublished": "2022-01-18T21:35:10.000Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:11:00.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41244 (GCVE-0-2021-41244)

Vulnerability from cvelistv5

Published

2021-11-15 20:05

Modified

2024-08-04 03:08

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Summary

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.

References

►

URL

Tags

	https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx	x_refsource_CONFIRM
	https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/11/15/1	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20211223-0001/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	grafana	grafana	Version: >= 8.0.0, < 8.2.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
          },
          {
            "name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grafana",
          "vendor": "grafana",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u2019 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-23T12:07:05",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
        },
        {
          "name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
        }
      ],
      "source": {
        "advisory": "GHSA-mpwp-42x6-4wmx",
        "discovery": "UNKNOWN"
      },
      "title": "Cross organization admin control in Grafana",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41244",
          "STATE": "PUBLIC",
          "TITLE": "Cross organization admin control in Grafana"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grafana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grafana"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u2019 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx",
              "refsource": "CONFIRM",
              "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
            },
            {
              "name": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/",
              "refsource": "MISC",
              "url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
            },
            {
              "name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211223-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mpwp-42x6-4wmx",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41244",
    "datePublished": "2021-11-15T20:05:11",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-04T03:08:31.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3711 (GCVE-0-2021-3711)

Vulnerability from cvelistv5

Published

2021-08-24 14:50

Modified

2024-09-16 18:29

Severity ?

CWE

Buffer overflow

Summary

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

References

►

URL

Tags

	https://www.openssl.org/news/secadv/20210824.txt
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
	https://www.debian.org/security/2021/dsa-4963	vendor-advisory
	https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E	mailing-list
	http://www.openwall.com/lists/oss-security/2021/08/26/2	mailing-list
	https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E	mailing-list
	https://security.netapp.com/advisory/ntap-20210827-0010/
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://www.tenable.com/security/tns-2021-16
	https://www.oracle.com/security-alerts/cpujan2022.html
	https://security.netapp.com/advisory/ntap-20211022-0003/
	https://www.tenable.com/security/tns-2022-02
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
	https://security.gentoo.org/glsa/202209-02	vendor-advisory
	https://security.gentoo.org/glsa/202210-02	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210824.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
          },
          {
            "name": "DSA-4963",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4963"
          },
          {
            "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
          },
          {
            "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "name": "GLSA-202209-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-02"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "John Ouyang"
        }
      ],
      "datePublic": "2021-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#High",
              "value": "High"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:59.573968",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210824.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
        },
        {
          "name": "DSA-4963",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4963"
        },
        {
          "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
        },
        {
          "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-16"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-02"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "name": "GLSA-202209-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-02"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "SM2 Decryption Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3711",
    "datePublished": "2021-08-24T14:50:13.114745Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T18:29:03.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:11816-1

Vulnerability from csaf_opensuse

CVE-2021-43798 (GCVE-0-2021-43798)

Vulnerability from cvelistv5

CVE-2021-36222 (GCVE-0-2021-36222)

Vulnerability from cvelistv5

CVE-2021-41174 (GCVE-0-2021-41174)

Vulnerability from cvelistv5

CVE-2022-21673 (GCVE-0-2022-21673)

Vulnerability from cvelistv5

CVE-2021-41244 (GCVE-0-2021-41244)

Vulnerability from cvelistv5

CVE-2021-3711 (GCVE-0-2021-3711)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature