CVE-2022-39324 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-39324 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.

EPSS 0.12% · 30.5th percentile

Risk Scores

EPSS Score

0.12%

30.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	0, 9.0.0
Bitnami	grafana	0, 9.0.0

Timeline

Jan 25, 2023 CVE Published
Jan 28, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 9, 2023 EPSS Score
Apr 17, 2023 EPSS Score
May 27, 2023 EPSS Score
Aug 14, 2023 EPSS Score
Sep 23, 2023 EPSS Score
Nov 2, 2023 EPSS Score
Dec 12, 2023 EPSS Score
Jan 20, 2024 EPSS Score
Jan 23, 2024 CVE Updated

References

Open in Interactive Console →