CVE-2022-31097 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31097 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.

EPSS 48.06% · 97.7th percentile

Risk Scores

EPSS Score

48.06%

97.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	9.0.0, 8.0.0, 8.4.0
Bitnami	grafana	8.0.0, 8.4.0, 8.5.0

Timeline

Jul 14, 2022 CVE Published
Jul 16, 2022 EPSS Score
Sep 22, 2023 EPSS Score
Jan 23, 2024 CVE Updated
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 13, 2025 EPSS Score
May 4, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jul 1, 2025 EPSS Score
Jul 15, 2025 EPSS Score

References

Open in Interactive Console →