CVE-2023-1410 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-1410 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.

EPSS 1.22% · 79.0th percentile

Risk Scores

EPSS Score

1.22%

79.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	8.0.0, 9.2.0, 9.3.0
Bitnami	grafana	8.0.0, 9.2.0, 9.3.0

Timeline

Mar 22, 2023 CVE Published
Mar 23, 2023 EPSS Score
Apr 30, 2023 EPSS Score
Jun 7, 2023 EPSS Score
Jul 14, 2023 EPSS Score
Aug 21, 2023 EPSS Score
Sep 28, 2023 EPSS Score
Nov 5, 2023 EPSS Score
Dec 13, 2023 EPSS Score
Jan 20, 2024 EPSS Score
Jan 23, 2024 CVE Updated
Feb 26, 2024 EPSS Score

References

Open in Interactive Console →