CVE-2022-29170
PUBLISHED
Grafana Enterprise datasource network restrictions bypass via HTTP redirects
EPSS 0.10% · 27.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 7.4.0, 8.0.0 |
| Bitnami | grafana | 8.0.0, 7.4.0, 7.4.0 |
Exploit Intelligence
- Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security allow list lets administrators configure Grafana so that the instance doesn't call, or only calls, specific hosts. The vulnerability is present starting with version 7.4.0-beta1 and prior to versions 7.5. CVE project by @Sn0wAlice (github-poc)
Timeline
- May 19, 2022 CVE Published
- May 21, 2022 EPSS Score
- May 30, 2022 CVE Updated
- Jul 9, 2022 EPSS Score
- Oct 16, 2022 EPSS Score
- Dec 4, 2022 EPSS Score
- Jan 22, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 30, 2023 EPSS Score
- Jun 17, 2023 EPSS Score
- Sep 23, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
References
- https://github.com/grafana/grafana/pull/49240
- https://github.com/grafana/grafana/releases/tag/v7.5.16
- https://github.com/grafana/grafana/releases/tag/v8.5.3
- https://github.com/grafana/grafana/security/advisories/GHSA-9rrr-6fq2-4f99
- https://security.netapp.com/advisory/ntap-20220707-0005/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29170