CVE-2018-18625

MEDIUM6.1EPSS 0.83%

Grafana XSS via adding a link in General feature

發布日:2024/1/30修改日:2024/6/28

也稱為:GHSA-6wh2-8hw7-jw94GO-2024-2483

描述

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

受影響套件(2)

Go/github.com/grafana/grafanafrom 0, < 6.0.0-beta1
Go/github.com/grafana/grafanafrom 0, < 6.0.0-beta1+incompatible

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-6wh2-8hw7-jw94
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-18625
WEBhttps://github.com/grafana/grafana/pull/11813
WEBhttps://github.com/grafana/grafana/pull/14984
WEBhttps://security.netapp.com/advisory/ntap-20200608-0008