SB2023101245 - cvat update for Grafana

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023101245

SB2023101245 - cvat update for Grafana

Published: October 12, 2023

Security Bulletin ID SB2023101245
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 20% Medium 20% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Stored cross-site scripting (CVE-ID: CVE-2023-0594)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the trace view visualization. A remote user the Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Stored cross-site scripting (CVE-ID: CVE-2023-0507)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the GeoMap plugin. A remote user with the Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


3) Information disclosure (CVE-ID: CVE-2023-1387)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application allows users to login with a JWT token passed in the URL query parameter auth_token. A remote attacker can intercept the query and gain unauthorized access to the application.


4) Stored cross-site scripting (CVE-ID: CVE-2023-1410)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Graphite FunctionDescription tooltip. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) Improper Authentication (CVE-ID: CVE-2023-3128)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in Azure AD OAuth implementation. Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. A remote attacker can modify their profile and provide the email address of  an existing Grafana user, bypass authentication process and gain unauthorized access to the application.

The vulnerability affects Grafana installations with Azure AD OAuth configured for a multi-tenant app.



Remediation

Install update from vendor's website.

References