View | Details | Raw Unified | Return to bug 270562 | Differences between
and this patch

(-)b/security/vuxml/vuln/2023.xml (+51 lines)
Lines 1-3 Link Here
1
  <vuln vid="955eb3cc-ce0b-11ed-825f-6c3be5272acd">
2
    <topic>Grafana -- Stored XSS in Graphite FunctionDescription tooltip</topic>
3
    <affects>
4
      <package>
5
	<name>grafana</name>
6
	<range><lt>8.5.22</lt></range>
7
	<range><ge>9.0.0</ge><lt>9.2.15</lt></range>
8
	<range><ge>9.3.0</ge><lt>9.3.11</lt></range>
9
	<range><ge>9.4.0</ge><lt>9.4.7</lt></range>
10
      </package>
11
      <package>
12
	<name>grafana8</name>
13
	<range><lt>8.5.22</lt></range>
14
      </package>
15
      <package>
16
	<name>grafana9</name>
17
	<range><lt>9.2.15</lt></range>
18
	<range><ge>9.3.0</ge><lt>9.3.11</lt></range>
19
	<range><ge>9.4.0</ge><lt>9.4.7</lt></range>
20
      </package>
21
    </affects>
22
    <description>
23
      <body xmlns="http://www.w3.org/1999/xhtml">
24
	<p>Grafana Labs reports:</p>
25
	<blockquote cite="https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/">
26
	  <p>When a user adds a Graphite data source, they can then use the data source
27
	  in a dashboard. This capability contains a feature to use Functions. Once
28
	  a function is selected, a small tooltip appears when hovering over the name
29
	  of the function. This tooltip allows you to delete the selected Function
30
	  from your query or show the Function Description. However, no sanitization
31
	  is done when adding this description to the DOM.</p>
32
	  <p>Since it is not uncommon to connect to public data sources, an attacker
33
	  could host a Graphite instance with modified Function Descriptions containing
34
	  XSS payloads. When the victim uses it in a query and accidentally hovers
35
	  over the Function Description, an attacker-controlled XSS payload
36
	  will be executed.</p>
37
	  <p>The severity of this vulnerability is of CVSSv3.1 5.7 Medium
38
	  (CVSS: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (5.7)).</p>
39
	</blockquote>
40
      </body>
41
    </description>
42
    <references>
43
      <cvename>CVE-2023-1410</cvename>
44
      <url>https://grafana.com/security/security-advisories/cve-2023-1410/</url>
45
    </references>
46
    <dates>
47
      <discovery>2023-03-14</discovery>
48
      <entry>2023-03-29</entry>
49
    </dates>
50
  </vuln>
51
1
  <vuln vid="5b0ae405-cdc7-11ed-bb39-901b0e9408dc">
52
  <vuln vid="5b0ae405-cdc7-11ed-bb39-901b0e9408dc">
2
    <topic>Matrix clients -- Prototype pollution in matrix-js-sdk</topic>
53
    <topic>Matrix clients -- Prototype pollution in matrix-js-sdk</topic>
3
    <affects>
54
    <affects>
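Review bot: the `<references>` element of the new Grafana entry lists only the `<cvename>` and the advisory URL, while the quoted text is attributed through `<blockquote cite="https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/">` to a blog post that appears nowhere else in the entry; consider adding that blog URL as a second `<url>` so the source of the quotation is reachable from the entry's references. Minor: the `<topic>` writes the field as `FunctionDescription` while the quoted advisory text uses `Function Description`; aligning the wording helps text searches of the database. The version ranges look consistent across the three packages (`grafana` with `<lt>8.5.22</lt>`, 9.0.0 to 9.2.15, 9.3.0 to 9.3.11 and 9.4.0 to 9.4.7 matches the `grafana8` and `grafana9` ranges, with the fixed releases 8.5.22, 9.2.15, 9.3.11 and 9.4.7 excluded), and the stated vector AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N does compute to the quoted CVSSv3.1 base score of 5.7.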