FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e6281d88-a7a7-11ed-8d6a-6c3be5272acdGrafana -- Spoofing originalUrl of snapshots

Grafana Labs reports:

A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibility to click on the Local Snapshot button in the Grafana web UI and be presented with the dashboard that the snapshot captured. The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot. (Note: This can be done by editing the query thanks to a web proxy like Burp.)

We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).


Discovery 2023-01-25
Entry 2023-02-09
grafana
ge 8.0.0 lt 8.5.16

ge 9.0.0 lt 9.2.10

ge 9.3.0 lt 9.3.4

grafana8
ge 8.0.0 lt 8.5.16

grafana9
ge 9.0.0 lt 9.2.10

ge 9.3.0 lt 9.3.4

CVE-2022-39324
https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
6eb6a442-629a-11ed-9ca2-6c3be5272acdGrafana -- Privilege escalation

Grafana Labs reports:

Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization.

The CVSS score for this vulnerability is 6.4 Moderate


Discovery 2022-10-24
Entry 2022-11-12
grafana
ge 8.0.0 lt 8.5.15

ge 9.0.0 lt 9.2.4

grafana8
ge 8.0.0 lt 8.5.15

grafana9
ge 9.0.0 lt 9.2.4

CVE-2022-39306
https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84
a994ff7d-5b3f-11ec-8398-6c3be5272acdGrafana -- Directory Traversal

GitHub Security Labs reports:

A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary .csv files through directory traversal. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.

The vulnerable URL path is: /api/plugins/.*/markdown/.* for .md files


Discovery 2021-12-09
Entry 2021-12-12
grafana
ge 5.0.0 lt 7.5.12

ge 8.0.0 lt 8.3.2

grafana6
ge 6.0.0

grafana7
ge 7.0.0 lt 7.5.12

grafana8
ge 8.0.0 lt 8.3.2

CVE-2021-43813
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
c2a7de31-5b42-11ec-8398-6c3be5272acdGrafana -- Directory Traversal

GitHub Security Labs reports:

A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrary .csv files through directory traversal. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.

The vulnerable URL path is: /api/ds/query


Discovery 2021-12-09
Entry 2021-12-12
grafana
grafana8
ge 8.0.0 lt 8.3.2

CVE-2021-43815
https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
4b478274-47a0-11ec-bd24-6c3be5272acdGrafana -- XSS

Grafana Labs reports:

If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim’s browser.

The user visiting the malicious link must be unauthenticated, and the link must be for a page that contains the login button in the menu bar.

There are two ways an unauthenticated user can open a page in Grafana that contains the login button:

  • Anonymous authentication is enabled. This means all pages in Grafana would be open for the attack.
  • The link is to an unauthenticated page. The following pages are vulnerable:
    • /dashboard-solo/snapshot/*
    • /dashboard/snapshot/*
    • /invite/:code

The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }}

An example of an expression would be: {{constructor.constructor(‘alert(1)’)()}}. This can be included in the link URL like this:

https://play.grafana.org/dashboard/snapshot/%7B%7Bconstructor.constructor('alert(1)')()%7D%7D?orgId=1

When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated, and the AngularJS rendering engine will execute the JavaScript expression contained in the URL.


Discovery 2021-10-21
Entry 2021-12-11
grafana8
grafana
ge 8.0.0 lt 8.2.3

CVE-2021-41174
https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/
909a80ba-6294-11ed-9ca2-6c3be5272acdGrafana -- Improper authentication

Grafana Labs reports:

On September 7, as a result of an internal security audit, we discovered a security vulnerability in Grafana’s basic authentication related to the usage of username and email address.

n Grafana, a user’s username and email address are unique fields, which means no other user can have the same username or email address as another user.

In addition, a user can have an email address as a username, and the Grafana login allows users to sign in with either username or email address. This creates an unusual behavior, where user_1 can register with one email address and user_2 can register their username as user_1’s email address. As a result, user_1 would be prevented from signing in to Grafana, since user_1 password won’t match with user_2 email address.

The CVSS score for this vulnerability is 4.3 moderate (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).


Discovery 2022-09-07
Entry 2022-11-12
grafana
ge 8.0.0 lt 8.5.14

ge 9.0.0 lt 9.1.8

grafana8
ge 8.0.0 lt 8.5.14

grafana9
ge 9.0.0 lt 9.1.8

CVE-2022-39229
https://github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r
6f6c9420-6297-11ed-9ca2-6c3be5272acdGrafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports:

On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens but under some conditions.

We believe that this vulnerability is rated at CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)


Discovery 2022-06-26
Entry 2022-11-12
grafana
ge 7.0.0 lt 8.5.14

ge 9.0.0 lt 9.1.8

grafana7
ge 7.0.0

grafana8
ge 8.0.0 lt 8.5.14

grafana9
ge 9.0.0 lt 9.1.8

CVE-2022-31130
https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc
e7841611-b808-11ed-b695-6c3be5272acdGrafana -- Stored XSS in TraceView panel

Grafana Labs reports:

During an internal audit of Grafana on January 30, a member of the engineering team found a stored XSS vulnerability affecting the TraceView panel.

The stored XSS vulnerability was possible because the value of a span’s attributes/resources were not properly sanitized, and this will be rendered when the span’s attributes/resources are expanded.

The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-30
Entry 2023-03-01
grafana
< 8.5.21

ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

grafana8
< 8.5.21

grafana9
ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

CVE-2023-0594
https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/
0a80f159-629b-11ed-9ca2-6c3be5272acdGrafana -- Username enumeration

Grafana Labs reports:

When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message.

The CVSS score for this vulnerability is 5.3 Moderate


Discovery 2022-10-24
Entry 2022-11-12
grafana
ge 8.0.0 lt 8.5.15

ge 9.0.0 lt 9.2.4

grafana8
ge 8.0.0 lt 8.5.15

grafana9
ge 9.0.0 lt 9.2.4

CVE-2022-39307
https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5
d4284c2e-8b83-11ec-b369-6c3be5272acdGrafana -- CSRF

Grafana Labs reports:

On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).


Discovery 2022-01-18
Entry 2022-02-12
grafana6
ge 6.0.0

grafana7
< 7.5.15

grafana8
< 8.3.5

CVE-2022-21703
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
0b85b1cd-e468-11ed-834b-6c3be5272acdGrafana -- Critical vulnerability in golang

Grafana Labs reports:

An issue in how go handles backticks (`) with Javascript can lead to an injection of arbitrary code into go templates. While Grafana Labs software contains potentially vulnerable versions of go, we have not identified any exploitable use cases at this time.

The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).


Discovery 2023-04-19
Entry 2023-04-26
grafana
< 8.5.24

ge 9.0.0 lt 9.2.17

ge 9.3.0 lt 9.3.13

ge 9.4.0 lt 9.4.9

grafana8
< 8.5.24

grafana9
< 9.2.17

ge 9.3.0 lt 9.3.13

ge 9.4.0 lt 9.4.9

CVE-2023-24538
https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/
955eb3cc-ce0b-11ed-825f-6c3be5272acdGrafana -- Stored XSS in Graphite FunctionDescription tooltip

Grafana Labs reports:

When a user adds a Graphite data source, they can then use the data source in a dashboard. This capability contains a feature to use Functions. Once a function is selected, a small tooltip appears when hovering over the name of the function. This tooltip allows you to delete the selected Function from your query or show the Function Description. However, no sanitization is done when adding this description to the DOM.

Since it is not uncommon to connect to public data sources, an attacker could host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed.

The severity of this vulnerability is of CVSSv3.1 5.7 Medium (CVSS: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (5.7)).


Discovery 2023-03-14
Entry 2023-03-29
grafana
< 8.5.22

ge 9.0.0 lt 9.2.15

ge 9.3.0 lt 9.3.11

ge 9.4.0 lt 9.4.7

grafana8
< 8.5.22

grafana9
< 9.2.15

ge 9.3.0 lt 9.3.11

ge 9.4.0 lt 9.4.7

CVE-2023-1410
https://grafana.com/security/security-advisories/cve-2023-1410/
d71d154a-8b83-11ec-b369-6c3be5272acdGrafana -- Teams API IDOR

Grafana Labs reports:

On Jan. 18, an external security researcher, Kürşad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:

  • /teams/:teamId - an authenticated attacker can view unintended data by querying for the specific team ID.
  • /teams/:search - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.
  • /teams/:teamId/members - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.

We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).


Discovery 2022-01-18
Entry 2022-02-12
grafana6
ge 6.0.0

grafana7
< 7.5.15

grafana8
< 8.3.5

CVE-2022-21713
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
e2a8e2bd-b808-11ed-b695-6c3be5272acdGrafana -- Stored XSS in geomap panel plugin via attribution

Grafana Labs reports:

During an internal audit of Grafana on January 25, a member of the security team found a stored XSS vulnerability affecting the core geomap plugin.

The stored XSS vulnerability was possible because map attributions weren’t properly sanitized, allowing arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance.

The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-25
Entry 2023-03-01
grafana
< 8.5.21

ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

grafana8
< 8.5.21

grafana9
ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

CVE-2023-0507
https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/
4e60d660-6298-11ed-9ca2-6c3be5272acdGrafana -- Plugin signature bypass

Grafana Labs reports:

On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw.

We believe that this vulnerability is rated at CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L).


Discovery 2022-07-04
Entry 2022-11-12
grafana
ge 7.0.0 lt 8.5.14

ge 9.0.0 lt 9.1.8

grafana7
ge 7.0.0

grafana8
ge 8.0.0 lt 8.5.14

grafana9
ge 9.0.0 lt 9.1.8

CVE-2022-31123
https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8
6877e164-6296-11ed-9ca2-6c3be5272acdGrafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports:

On September 7th as a result of an internal security audit we have discovered that Grafana could leak the authentication cookie of users to plugins. After further analysis the vulnerability impacts data source and plugin proxy endpoints under certain conditions.

We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)


Discovery 2022-09-07
Entry 2022-11-12
grafana
ge 5.0.0 lt 8.5.14

ge 9.0.0 lt 9.1.8

grafana7
ge 7.0.0

grafana8
ge 8.0.0 lt 8.5.14

grafana9
ge 9.0.0 lt 9.1.8

CVE-2022-39201
https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr
757ee63b-269a-11ec-a616-6c3be5272acdGrafana -- Snapshot authentication bypass

Grafana Labs reports:

Unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths:

  • /dashboard/snapshot/:key, or
  • /api/snapshots/:key

If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path:

  • /api/snapshots-delete/:deleteKey

Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths:

  • /api/snapshots/:key, or
  • /api/snapshots-delete/:deleteKey

The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss.


Discovery 2021-09-15
Entry 2021-10-06
grafana8
grafana7
grafana6
grafana
ge 8.0.0 lt 8.1.6

ge 2.0.1 lt 7.5.11

CVE-2021-39226
https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/
e33880ed-5802-11ec-8398-6c3be5272acdGrafana -- Path Traversal

Grafana Labs reports:

Grafana is vulnerable to directory traversal, allowing access to local files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0. Thanks to our defense-in-depth approach, at no time has Grafana Cloud been vulnerable.

The vulnerable URL path is: /public/plugins/<“plugin-id”> where <“plugin-id”> is the plugin ID for any installed plugin.

Every Grafana instance comes with pre-installed plugins like the Prometheus plugin or MySQL plugin so the following URLs are vulnerable for every instance:

  • /public/plugins/alertlist/
  • /public/plugins/annolist/
  • /public/plugins/barchart/
  • /public/plugins/bargauge/
  • /public/plugins/candlestick/
  • /public/plugins/cloudwatch/
  • /public/plugins/dashlist/
  • /public/plugins/elasticsearch/
  • /public/plugins/gauge/
  • /public/plugins/geomap/
  • /public/plugins/gettingstarted/
  • /public/plugins/grafana-azure-monitor-datasource/
  • /public/plugins/graph/
  • /public/plugins/heatmap/
  • /public/plugins/histogram/
  • /public/plugins/influxdb/
  • /public/plugins/jaeger/
  • /public/plugins/logs/
  • /public/plugins/loki/
  • /public/plugins/mssql/
  • /public/plugins/mysql/
  • /public/plugins/news/
  • /public/plugins/nodeGraph/
  • /public/plugins/opentsdb
  • /public/plugins/piechart/
  • /public/plugins/pluginlist/
  • /public/plugins/postgres/
  • /public/plugins/prometheus/
  • /public/plugins/stackdriver/
  • /public/plugins/stat/
  • /public/plugins/state-timeline/
  • /public/plugins/status-history/
  • /public/plugins/table/
  • /public/plugins/table-old/
  • /public/plugins/tempo/
  • /public/plugins/testdata/
  • /public/plugins/text/
  • /public/plugins/timeseries/
  • /public/plugins/welcome/
  • /public/plugins/zipkin/

Discovery 2021-12-03
Entry 2021-12-11
grafana8
grafana
ge 8.0.0 lt 8.0.7

ge 8.1.0 lt 8.1.8

ge 8.2.0 lt 8.2.7

ge 8.3.0 lt 8.3.1

CVE-2021-43798
https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
95e6e6ca-3986-11ed-8e0c-6c3be5272acdGrafana -- Privilege escalation

Grafana Labs reports:

On August 9 an internal security review identified a vulnerability in the Grafana which allows an escalation from Admin privileges to Server Admin when Auth proxy authentication is used.

Auth proxy allows to authenticate a user by only providing the username (or email) in a X-WEBAUTH-USER HTTP header: the trust assumption is that a front proxy will take care of authentication and that Grafana server is publicly reachable only with this front proxy.

Datasource proxy breaks this assumption:

  • it is possible to configure a fake datasource pointing to a localhost Grafana install with a X-WEBAUTH-USER HTTP header containing admin username.
  • This fake datasource can be called publicly via this proxying feature.

The CVSS score for this vulnerability is 6.6 Moderate (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).


Discovery 2022-08-09
Entry 2022-09-21
grafana
ge 2.1.0 lt 8.5.13

ge 9.0.0 lt 9.0.9

ge 9.1.0 lt 9.1.6

grafana7
ge 7.0

grafana8
ge 8.0.0 lt 8.5.13

grafana9
ge 9.0.0 lt 9.0.9

ge 9.1.0 lt 9.1.6

CVE-2022-35957
https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q
99bff2bd-4852-11ec-a828-6c3be5272acdGrafana -- Incorrect Access Control

Grafana Labs reports:

When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.


Discovery 2021-11-02
Entry 2021-12-11
grafana8
grafana
ge 8.0.0 lt 8.2.4

CVE-2021-41244
https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/
cecbc674-8b83-11ec-b369-6c3be5272acdGrafana -- XSS

Grafana Labs reports:

On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).


Discovery 2022-01-16
Entry 2022-02-12
grafana6
ge 6.0.0

grafana7
< 7.5.15

grafana8
< 8.3.5

CVE-2022-21702
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/