FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Grafana DS proxy race condition

Affected packages
9.4.0 <= grafana < 9.4.12
9.5.0 <= grafana < 9.5.3
9.4.0 <= grafana9 < 9.4.12
9.5.0 <= grafana9 < 9.5.3

Details

VuXML ID 652064ef-056f-11ee-8e16-6c3be5272acd
Discovery 2023-06-06
Entry 2023-06-07

Grafana Labs reports:

We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance.

If you have public dashboards (PD) enabled, we are scoring this as a CVSS 7.5 High.

If you have disabled PD, this vulnerability is still a risk, but triggering the issue requires data source read privileges and access to the Grafana API through a developer script.

References

CVE Name CVE-2023-2801
URL CVE-2023-2801