{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-39324", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-09-02T14:16:35.872Z", "datePublished": "2023-01-27T22:42:01.550Z", "dateUpdated": "2024-08-03T12:00:44.040Z"}, "containers": {"cna": {"title": "Grafana vulnerable to spoofing originalUrl of snapshots", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw"}, {"name": "https://github.com/grafana/grafana/pull/60232", "tags": ["x_refsource_MISC"], "url": "https://github.com/grafana/grafana/pull/60232"}, {"name": "https://github.com/grafana/grafana/pull/60256", "tags": ["x_refsource_MISC"], "url": "https://github.com/grafana/grafana/pull/60256"}, {"name": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "tags": ["x_refsource_MISC"], "url": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a"}, {"name": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "tags": ["x_refsource_MISC"], "url": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c"}], "affected": [{"vendor": "grafana", "product": "grafana", "versions": [{"version": "< 8.5.16", "status": "affected"}, {"version": ">= 9.0.0, < 9.2.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-27T22:42:01.550Z"}, "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker\u2019s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8."}], "source": {"advisory": "GHSA-4724-7jwc-3fpw", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230309-0010/"}, {"name": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw"}, {"name": "https://github.com/grafana/grafana/pull/60232", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grafana/grafana/pull/60232"}, {"name": "https://github.com/grafana/grafana/pull/60256", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grafana/grafana/pull/60256"}, {"name": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a"}, {"name": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.040Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T15:45:24.258579Z", "id": "CVE-2022-39324", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T15:45:36.804Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230309-0010/"}, {"url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "name": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/grafana/grafana/pull/60232", "name": "https://github.com/grafana/grafana/pull/60232", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/grafana/grafana/pull/60256", "name": "https://github.com/grafana/grafana/pull/60256", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "name": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "name": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.040Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-39324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T15:45:24.258579Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T15:45:33.233Z"}}], "cna": {"title": "Grafana vulnerable to spoofing originalUrl of snapshots", "source": {"advisory": "GHSA-4724-7jwc-3fpw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "grafana", "product": "grafana", "versions": [{"status": "affected", "version": "< 8.5.16"}, {"status": "affected", "version": ">= 9.0.0, < 9.2.8"}]}], "references": [{"url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "name": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/grafana/grafana/pull/60232", "name": "https://github.com/grafana/grafana/pull/60232", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/grafana/grafana/pull/60256", "name": "https://github.com/grafana/grafana/pull/60256", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "name": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "name": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker\u2019s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-27T22:42:01.550Z"}}}, "cveMetadata": {"cveId": "CVE-2022-39324", "state": "PUBLISHED", "dateUpdated": "2024-08-03T12:00:44.040Z", "dateReserved": "2022-09-02T14:16:35.872Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-01-27T22:42:01.550Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "777B6454-25E4-4999-8CD8-650913FF7566", "versionEndExcluding": "8.5.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A9BAE29-AD6B-44E0-9FCE-2857E432FE2A", "versionEndExcluding": "9.2.8", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker\u2019s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8."}, {"lang": "es", "value": "Grafana es una plataforma de c\u00f3digo abierto para monitoreo y observabilidad. Antes de las versiones 8.5.16 y 9.2.8, los usuarios malintencionados pod\u00edan crear una instant\u00e1nea y elegir arbitrariamente el par\u00e1metro \"originalUrl\" editando la consulta, gracias a un proxy web. Cuando otro usuario abra la URL de la instant\u00e1nea, se le presentar\u00e1 la interfaz web normal proporcionada por el servidor confiable de Grafana. El bot\u00f3n \"Abrir panel original\" ya no apunta al panel original real sino a la URL inyectada por el atacante. Este problema se solucion\u00f3 en las versiones 8.5.16 y 9.2.8."}], "id": "CVE-2022-39324", "lastModified": "2023-02-07T20:17:46.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-01-27T23:15:08.723", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/grafana/grafana/pull/60232"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/grafana/grafana/pull/60256"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Grafana Security Team as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:3642", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "rhceph/rhceph-6-dashboard-rhel9:6-75", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2023-06-15T00:00:00Z"}, {"advisory": "RHSA-2023:6420", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "grafana-0:9.2.10-7.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "grafana: Spoofing of the originalUrl parameter of snapshots", "id": "2148252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148252"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "status": "verified"}, "cwe": "CWE-472", "details": ["Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker\u2019s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.", "A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the \"Open original dashboard\" button."], "name": "CVE-2022-39324", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-view-plugin-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/grafana-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Out of support scope", "package_name": "openshift-service-mesh/grafana-rhel8", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Out of support scope", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/grafana-rhel8", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/acm-grafana-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Out of support scope", "package_name": "grafana", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "rhceph/rhceph-4-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/grafana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-monitoring-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-thanos-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}], "public_date": "2023-01-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-39324\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39324\nhttps://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/"], "statement": "OpenShift Service Mesh containers include the Grafana RPM from RHEL and consume CVE fixes for Grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.", "threat_severity": "Moderate", "upstream_fix": "grafana 9.2.6.1, grafana 9.1.8.2, grafana 8.5.16"}