Attachment #241775 for bug #271086

View | Details | Raw Unified | Return to bug 271086 | Differences between
Collapse All | Expand All




  <vuln vid="0b85b1cd-e468-11ed-834b-6c3be5272acd">
    <topic>Grafana -- Critical vulnerability in golang</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.24</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.24</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/">
	  <p>An issue in how go handles backticks (`) with Javascript can lead to
	  an injection of arbitrary code into go templates. While Grafana Labs software
	  contains potentially vulnerable versions of go, we have not identified any
	  exploitable use cases at this time.</p>
	  <p>The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24538</cvename>
      <url>https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/</url>
    </references>
    <dates>
      <discovery>2023-04-19</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="5e257b0d-e466-11ed-834b-6c3be5272acd">
    <topic>Grafana -- Exposure of sensitive information to an unauthorized actor</topic>
    <affects>
      <package>
	<name>grafana</name>
	<name>grafana9</name>
	<range><ge>9.1.0</ge><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/">
	  <p>When setting up Grafana, there is an option to enable
	  <a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/">
	  JWT authentication</a>. Enabling this will allow users to authenticate towards
	  the Grafana instance with a special header (default <code>X-JWT-Assertion</code>
	  ).</p>
	  <p>In Grafana, there is an additional way to authenticate using JWT called
	  <a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/#url-login">
	  URL login</a> where the token is passed as a query parameter.</p>
	  <p>When using this option, a JWT token is passed to the data source as a header,
	  which leads to exposure of sensitive information to an unauthorized party.</p>
	  <p>The CVSS score for this vulnerability is 4.2 Medium</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1387</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2023-1387/</url>
    </references>
    <dates>
      <discovery>2023-04-26</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="c676bb1b-e3f8-11ed-b37b-901b0e9408dc">
    <topic>element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting</topic>
    <affects>

Return to bug 271086

Lines 1-3 Link Here

(-)b/security/vuxml/vuln/2023.xml (+82 lines)
		1	<vuln vid="0b85b1cd-e468-11ed-834b-6c3be5272acd">
		2	<topic>Grafana -- Critical vulnerability in golang</topic>
		3	<affects>
		4	<package>
		5	<name>grafana</name>
		6	<range><lt>8.5.24</lt></range>
		7	<range><ge>9.0.0</ge><lt>9.2.17</lt></range>
		8	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
		9	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
		10	</package>
		11	<package>
		12	<name>grafana8</name>
		13	<range><lt>8.5.24</lt></range>
		14	</package>
		15	<package>
		16	<name>grafana9</name>
		17	<range><lt>9.2.17</lt></range>
		18	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
		19	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
		20	</package>
		21	</affects>
		22	<description>
		23	<body xmlns="http://www.w3.org/1999/xhtml">
		24	<p>Grafana Labs reports:</p>
		25	<blockquote cite="https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/">
		26	<p>An issue in how go handles backticks (`) with Javascript can lead to
		27	an injection of arbitrary code into go templates. While Grafana Labs software
		28	contains potentially vulnerable versions of go, we have not identified any
		29	exploitable use cases at this time.</p>
		30	<p>The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).</p>
		31	</blockquote>
		32	</body>
		33	</description>
		34	<references>
		35	<cvename>CVE-2023-24538</cvename>
		36	<url>https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/</url>
		37	</references>
		38	<dates>
		39	<discovery>2023-04-19</discovery>
		40	<entry>2023-04-26</entry>
		41	</dates>
		42	</vuln>
		43
		44	<vuln vid="5e257b0d-e466-11ed-834b-6c3be5272acd">
		45	<topic>Grafana -- Exposure of sensitive information to an unauthorized actor</topic>
		46	<affects>
		47	<package>
		48	<name>grafana</name>
		49	<name>grafana9</name>
		50	<range><ge>9.1.0</ge><lt>9.2.17</lt></range>
		51	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
		52	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
		53	</package>
		54	</affects>
		55	<description>
		56	<body xmlns="http://www.w3.org/1999/xhtml">
		57	<p>Grafana Labs reports:</p>
		58	<blockquote cite="https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/">
		59	<p>When setting up Grafana, there is an option to enable
		60	<a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/">
		61	JWT authentication</a>. Enabling this will allow users to authenticate towards
		62	the Grafana instance with a special header (default <code>X-JWT-Assertion</code>
		63	).</p>
		64	<p>In Grafana, there is an additional way to authenticate using JWT called
65	<a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/#url-login">
66	URL login</a> where the token is passed as a query parameter.</p>
67	<p>When using this option, a JWT token is passed to the data source as a header,
68	which leads to exposure of sensitive information to an unauthorized party.</p>
69	<p>The CVSS score for this vulnerability is 4.2 Medium</p>
70	</blockquote>
71	</body>
72	</description>
73	<references>
74	<cvename>CVE-2023-1387</cvename>
75	<url>https://grafana.com/security/security-advisories/cve-2023-1387/</url>
76	</references>
77	<dates>
78	<discovery>2023-04-26</discovery>
79	<entry>2023-04-26</entry>
80	</dates>
81	</vuln>
82
1	<vuln vid="c676bb1b-e3f8-11ed-b37b-901b0e9408dc">	83	<vuln vid="c676bb1b-e3f8-11ed-b37b-901b0e9408dc">
2	<topic>element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting</topic>	84	<topic>element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting</topic>
3	<affects>	85	<affects>