Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 8.5.21, or 9.2.x earlier than 9.2.13, or 9.3.x earlier than 9.3.8. It is, therefore, affected by multiple vulnerabilities:

- A Cross-site Scripting vulnerability.

- A Cross-site Scripting vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e7841611-b808-11ed-b695-6c3be5272acd advisory.

  - Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana     had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible     due the value of a span's attributes/resources were not properly sanitized and this will be rendered when     the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change     the value of a trace view visualization to contain JavaScript. This means that vertical privilege     escalation is possible, where a user with Editor role can change to a known password for a user having     Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may     upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. (CVE-2023-0594)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1904-1 advisory.

  - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana     had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible     due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the     context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor     role in order to change a panel to include a map attribution containing JavaScript. This means that     vertical privilege escalation is possible, where a user with Editor role can change to a known password     for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a     dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. (CVE-2023-0507)

  - Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana     had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible     due the value of a span's attributes/resources were not properly sanitized and this will be rendered when     the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change     the value of a trace view visualization to contain JavaScript. This means that vertical privilege     escalation is possible, where a user with Editor role can change to a known password for a user having     Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may     upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. (CVE-2023-0594)

  - Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS     vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due     the value of the Function Description was not properly sanitized. An attacker needs to have control over     the Graphite data source in order to manipulate a function description and a Grafana admin needs to     configure the data source, later a Grafana user needs to select a tampered function and hover over the     description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. (CVE-2023-1410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
114863	Grafana 9.3.x < 9.3.8 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
114862	Grafana 9.2.x < 9.2.13 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
114861	Grafana 8.5.x < 8.5.21 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
184461	FreeBSD : Grafana -- Stored XSS in TraceView panel (e7841611-b808-11ed-b695-6c3be5272acd)	Nessus	FreeBSD Local Security Checks	medium
174498	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2023-0594

medium

Tenable Plugins

medium

medium

medium

medium

medium