FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- XSS

Affected packages
6.0.0 <= grafana6
grafana7 < 7.5.15
grafana8 < 8.3.5


VuXML ID cecbc674-8b83-11ec-b369-6c3be5272acd
Discovery 2022-01-16
Entry 2022-02-12

Grafana Labs reports:

On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).


CVE Name CVE-2022-21702