CVE-2025-6023
HIGH7.6EPSS 7.1%Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana
發布日:2025/7/18修改日:2025/7/29
描述
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
受影響套件(3)
- Bitnami/grafana>= 11.3.0, < 11.6.3, >= 12.0.0, < 12.0.2
- Go/github.com/grafana/grafanafrom 0, < 1.9.2-0.20250521205822-0ba0b99665a9
- Go/github.com/grafana/grafanafrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
參考連結(12)
- ADVISORYhttps://github.com/advisories/GHSA-vqph-p5vc-g644
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-6023
- WEBhttps://github.com/grafana/grafana
- WEBhttps://github.com/grafana/grafana/commit/0ba0b99665a946cd96676ef85ec8bc83028cb1d7
- WEBhttps://github.com/grafana/grafana/commit/40ed88fe86d347bcde5ddaed6c4a20a95d2f0d55
- WEBhttps://github.com/grafana/grafana/commit/5b00e21638f565eed46acb4d0b7c009968df4c3b
- WEBhttps://github.com/grafana/grafana/commit/b6dd2b70c655c61b111b328f1a7dcca6b3954936
- WEBhttps://github.com/grafana/grafana/commit/e0ba4b480954f8a33aa2cff3229f6bcc05777bd9
- WEBhttps://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023
- WEBhttps://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/
- WEBhttps://grafana.com/security/security-advisories/cve-2025-6023
- WEBhttps://grafana.com/security/security-advisories/cve-2025-6023/