CVE-2023-3010 - OpenCVE

Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Grafana	Worldmap Panel

Configuration 1 [-]

cpe:2.3:a:grafana:worldmap_panel:*:*:*:*:*:grafana:*:*

No data.

References

Link	Providers
https://grafana.com/security/security-advisories/cve-2023-3010/
https://security.netapp.com/advisory/ntap-20240503-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: GRAFANA

Published: 2023-10-25T08:09:48.174Z

Updated: 2024-08-02T06:41:04.120Z

Reserved: 2023-05-31T11:52:43.685Z

Link: CVE-2023-3010

Vulnrichment

Updated: 2024-08-02T06:41:04.120Z

NVD

Status : Modified

Published: 2023-10-25T18:17:29.993

Modified: 2024-05-03T13:15:20.697

Link: CVE-2023-3010

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3010", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2023-05-31T11:52:43.685Z", "datePublished": "2023-10-25T08:09:48.174Z", "dateUpdated": "2024-08-02T06:41:04.120Z"}, "containers": {"cna": {"affected": [{"product": "worldmap-panel", "vendor": "Grafana", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "0.3.30", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Grafana is an open-source platform for monitoring and observability. </p><p>The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.</p>"}], "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2023-10-25T08:09:48.174Z"}, "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-3010/"}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0001/"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T15:56:56.390682Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grafana:grafana:-:*:*:*:enterprise:*:*:*"], "vendor": "grafana", "product": "grafana", "versions": [{"status": "affected", "version": "0.3.30", "lessThan": "1.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:33.636Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.120Z"}, "title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-3010/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0001/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-3010/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.120Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T15:56:56.390682Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grafana:grafana:-:*:*:*:enterprise:*:*:*"], "vendor": "grafana", "product": "grafana", "versions": [{"status": "affected", "version": "0.3.30", "lessThan": "1.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T15:56:05.683Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Grafana", "product": "worldmap-panel", "versions": [{"status": "affected", "version": "0.3.30", "lessThan": "1.0.4", "versionType": "semver"}]}], "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-3010/"}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0001/"}], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Grafana is an open-source platform for monitoring and observability. </p><p>The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2023-10-25T08:09:48.174Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3010", "state": "PUBLISHED", "dateUpdated": "2024-08-02T06:41:04.120Z", "dateReserved": "2023-05-31T11:52:43.685Z", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "datePublished": "2023-10-25T08:09:48.174Z", "assignerShortName": "GRAFANA"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grafana:worldmap_panel:*:*:*:*:*:grafana:*:*", "matchCriteriaId": "106768FF-CEE9-451C-A97A-DACFF567C0EA", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n"}, {"lang": "es", "value": "Grafana es una plataforma de c\u00f3digo abierto para monitorizaci\u00f3n y observabilidad. El complemento del panel WorldMap, versiones anteriores a la 1.0.4, contiene una vulnerabilidad de DOM XSS."}], "id": "CVE-2023-3010", "lastModified": "2024-05-03T13:15:20.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:29.993", "references": [{"source": "security@grafana.com", "tags": ["Vendor Advisory"], "url": "https://grafana.com/security/security-advisories/cve-2023-3010/"}, {"source": "security@grafana.com", "url": "https://security.netapp.com/advisory/ntap-20240503-0001/"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@grafana.com", "type": "Secondary"}]}