CVE-2022-31097: 0-day vulnerability in open-source analytics Grafana






  11-Dec-2022 02:08:21



This flaw affects Grafana Alerting (called Unified Alerting when it was introduced in Grafana 8.0). Grafana Alerting is enabled by default from Grafana 9.0 onward.

Details of the issue first became public in July, when Grafana Labs shipped fixed releases for the affected versions 8.0.0- through 9.0.1.

“On Nov. 25, a Grafana community member reported a stored XSS vulnerability in Grafana Alerting. On further investigation, this vulnerability is a regression of CVE-2022-31097. As this issue was raised in our public repositories, we are treating this as a 0-day and are immediately releasing patches to the public,” reads the Grafana security bulletin.

The stored XSS is the escalation vector: an attacker who already holds the Editor role stores a malicious payload in Grafana Alerting, and that payload runs in the browser of an authenticated Admin who is tricked into clicking a link, so the attacker's script acts with Admin privileges.

Impact

An attacker can exploit this vulnerability in Grafana Alerting to escalate privilege from Editor to Admin by tricking an authenticated admin to click on a link.
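To show the bug class behind the advisory (attacker-controlled alert text rendered into HTML without escaping), here is an added example that is not Grafana's code and does not reproduce Grafana's actual frontend fix. The annotation field, the payload and the `/api/example-admin-action` endpoint are all hypothetical; the only point is how the same input is inert once escaped and live when interpolated raw.

```javascript
// Added illustration of a stored-XSS sink and its hardened form.
// Not Grafana's code; field names, payload and URL below are hypothetical.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can break out of HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable rendering: the stored annotation is spliced straight into markup,
// so any tags it contains become part of the document the viewer's browser parses.
function renderAnnotationUnsafe(annotation) {
  return `<div class="annotation">${annotation}</div>`;
}

// Hardened rendering: the annotation is escaped first, so it is shown as text.
function renderAnnotationSafe(annotation) {
  return `<div class="annotation">${escapeHtml(annotation)}</div>`;
}

// Constructed attacker input: an Editor-level user stores this in an alert.
// When it executes in an Admin's browser it runs with the Admin's session.
const PAYLOAD = '<img src=x onerror="fetch(\'/api/example-admin-action\')">';

// Check: does the rendered fragment contain a raw tag inside the wrapper div?
// Returns true for the unsafe output and false for the escaped output.
function hasRawTag(html) {
  const inner = html.replace(/^<div class="annotation">/, '').replace(/<\/div>$/, '');
  return /<[a-z/!]/i.test(inner);
}

console.log('unsafe:', renderAnnotationUnsafe(PAYLOAD), hasRawTag(renderAnnotationUnsafe(PAYLOAD)));
console.log('safe:  ', renderAnnotationSafe(PAYLOAD), hasRawTag(renderAnnotationSafe(PAYLOAD)));
```

Escaping at the sink is the fix shape; a Content Security Policy that blocks inline handlers would additionally limit what a surviving payload can do, but it does not replace output encoding.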

Impacted versions

9.1.0-beta1 -> 9.3.0-beta1

See the original CVE-2022-31097 advisory for the versions affected by the initial flaw.
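A quick way to check an instance against the regression range listed above (9.1.0-beta1 through 9.3.0-beta1, inclusive), as an added example that is not Grafana's own tooling. It assumes version strings of the form `9.2.4` or `9.3.0-beta1` (an optional leading `v` is accepted) and covers only the regression range on this page, not the 8.x/9.0.x range of the original CVE.

```javascript
// Added example: compare a Grafana version string against the advisory's
// regression range. Not Grafana's code; version format is an assumption.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$/.exec(v.trim());
  if (!m) throw new Error(`unrecognised version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// SemVer ordering: numeric major.minor.patch first; a pre-release tag sorts
// before the corresponding release (9.3.0-beta1 < 9.3.0). Pre-release tags are
// compared lexically, which is enough for the single-digit beta tags used here.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : pa.pre > pb.pre ? 1 : 0;
}

// Inclusive range from the advisory's "Impacted versions" line.
const REGRESSION_RANGE = ['9.1.0-beta1', '9.3.0-beta1'];

function isInRegressionRange(version) {
  return compareVersions(version, REGRESSION_RANGE[0]) >= 0 &&
         compareVersions(version, REGRESSION_RANGE[1]) <= 0;
}

// Constructed sample of versions an operator might find in a fleet.
for (const v of ['9.0.9', '9.1.0-beta1', '9.2.4', '9.3.0-beta1', '9.3.0']) {
  console.log(v, isInRegressionRange(v) ? 'IN regression range' : 'outside regression range');
}
```

The version string can be read from the `/api/health` response of a running instance or from the `grafana-server -v` output; feed that value to `isInRegressionRange`.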

Solutions and mitigations

To fully address CVE-2022-31097, upgrade your Grafana instances. The corresponding patches have already been applied to Grafana Cloud.

As a workaround, Grafana Alerting may be disabled or users may switch to legacy alerting. Either option stops the affected alerting feature rather than fixing it, so treat it as a stopgap until the instance is upgraded.

CVE detail: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31097

Sources:

https://grafana.com/blog/2022/11/29/grafana-security-release-new-versions-with-high-severity-security-fix-for-cve-2022-31097/

https://securityonline.info/cve-2022-31097-0-day-vulnerability-in-open-source-analytics-grafana/
