Vtorosyan

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 9.2.10 Grafana versions prior to 9.3.4 **Description** The issue is related to the caching of datasource queries in Grafana, which includes caching of the `grafana session` header. This allows any user querying a datasource with caching enabled to potentially acquire another user's session. **Recommendations** For versions prior to 9.2.10, disable datasource query caching for all datasources as a mitigation measure. For versions prior to 9.3.4, disable datasource query caching for all datasources as a mitigation measure. As a temporary workaround, consider disabling the datasource query caching for all datasources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 9.2.10 Grafana versions prior to 9.3.4 **Description** The issue is related to a stored XSS vulnerability affecting the core plugin "Text" in Grafana. This vulnerability requires several user interactions to be fully exploited and is possible due to React's render cycle passing through unsanitized HTML code. An attacker needs to have the Editor role to change a Text panel to include JavaScript, and another user needs to edit the same Text panel and click on "Markdown" or "HTML" for the code to be executed. This allows for vertical privilege escalation, where a user with Editor role can change a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. **Recommendations** Update your Grafana instance to version 9.2.10 or later. Update your Grafana instance to version 9.3.4 or later. As a temporary workaround, consider restricting the Editor role to minimize the risk of exploitation. Restrict access to the "Text" plugin to minimize the risk of exploitation. Avoid using the "Markdown" or "HTML" options in the Text panel until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Grafana versions 8.1 through 8.5.15 Grafana versions 9.2.0 through 9.2.9 Grafana versions 9.3.0 through 9.3.3 **Description** Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. **Recommendations** For versions 8.1 through 8.5.15, upgrade to version 8.5.16 to receive a fix. For versions 9.2.0 through 9.2.9, upgrade to version 9.2.10 to receive a fix. For versions 9.3.0 through 9.3.3, upgrade to version 9.3.4 to receive a fix.

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 8.5.16 and 9.2.8 **Description** The issue allows a malicious user to create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the real original dashboard but to the attacker’s injected URL. **Recommendations** For versions prior to 8.5.16, update to version 8.5.16 or later. For versions prior to 9.2.8, update to version 9.2.8 or later. As a temporary workaround, consider restricting access to the snapshot feature until a patch is available. Avoid using the `originalUrl` parameter in the affected API endpoint until the issue is resolved.

**Nome do software vulnerável e versões afetadas** Versões do Grafana anteriores à 8.5.15 Versões do Grafana 9.0.0 a 9.2.3 **Descrição** O Grafana é uma plataforma de código aberto para monitoramento e observabilidade. Ao usar a opção “Esqueci a senha” na página de login, é enviada uma solicitação POST para a URL “/api/user/password/sent-reset-email”. Quando o `username` ou o `email` não existe, uma resposta JSON contém a mensagem “usuário não encontrado”. Isso vaza informações para usuários não autenticados e representa um risco à segurança. **Recomendações** Para versões do Grafana anteriores à 8.5.15, atualize para a versão 8.5.15 ou posterior. Para versões do Grafana de 9.0.0 a 9.2.3, atualize para a versão 9.2.4 ou posterior. Como solução temporária, considere restringir o acesso ao endpoint da API `/api/user/password/sent-reset-email` até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões do Grafana anteriores à 8.5.13 Versões do Grafana anteriores à 9.0.9 Versões do Grafana anteriores à 9.1.6 **Descrição** O problema está relacionado à preservação inadequada de permissões, resultando em escalonamento de privilégios em algumas pastas nas quais “Admin” é a única permissão definida. Isso ocorre quando o RBAC foi desativado e depois reativado, pois as migrações que convertem permissões de pastas legadas para permissões RBAC não levam em conta o cenário em que a única permissão de usuário na pasta é “Admin”. Como resultado, o RBAC adiciona permissões para “Editores” e “Visualizadores”, permitindo que eles editem e visualizem pastas. **Recomendações** Para versões anteriores à 8.5.13, atualize para a versão 8.5.13 ou posterior. Para versões anteriores à 9.0.9, atualize para a versão 9.0.9 ou posterior. Para versões anteriores à 9.1.6, atualize para a versão 9.1.6 ou posterior. Como solução alternativa temporária, quando a pasta/painel afetado for identificado, considere remover manualmente as permissões adicionais.