Vulnerability Monitor


CVE-2022-21703


Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross-site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.


Published

2022-02-08T21:15:20.150

Last Modified

2024-11-21T06:45:16.160

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-352
  • Type: Primary
    CWE-352

Affected Vendors & Products
Type              Vendor         Product                        Version/Range  Vulnerable?
Application       grafana        grafana                        < 7.5.15       Yes
Application       grafana        grafana                        < 8.3.5        Yes
Application       grafana        grafana                        3.0.0          Yes
Application       netapp         e-series_performance_analyzer  < 3.0          Yes
Operating System  fedoraproject  fedora                         34             Yes
Operating System  fedoraproject  fedora                         35             Yes
Operating System  fedoraproject  fedora                         36             Yes
