CVE-2023-2801 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-2801 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

EPSS 0.81% · 74.1th percentile

Risk Scores

EPSS Score

0.81%

74.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	9.4.0, 9.5.0
Bitnami	grafana	9.4.0, 9.5.0

Timeline

Jun 6, 2023 CVE Published
Jun 7, 2023 EPSS Score
Jul 12, 2023 EPSS Score
Aug 16, 2023 EPSS Score
Sep 21, 2023 EPSS Score
Oct 26, 2023 EPSS Score
Nov 30, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Apr 19, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 28, 2024 EPSS Score

References

Open in Interactive Console →