Volkov · Business Links Panel For Grafana · CVE-2025-58746
Name of the Vulnerable Software and Affected Versions:
Volkov Labs Business Links panel for Grafana versions prior to 2.4.0
Description:
The Volkov Labs Business Links panel for Grafana allows navigation using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary administrative actions. This is possible due to arbitrary JavaScript code injection in the `URL` field within the [Layout] → [Link] → [URL] configuration.
Recommendations:
Update to version 2.4.0 or later.
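While upgrades roll out, exported dashboard JSON can be audited for links in this panel that do not use an expected scheme. The script below is an added example, not code from the advisory or from Volkov Labs; the panel type id, the `url` key name and the sample option layout are assumptions to adjust against your own exports.

```python
import json
from urllib.parse import urlsplit

# Assumed, not from the advisory: panel type id and the link-target JSON key.
PANEL_TYPE = "volkovlabs-links-panel"
URL_KEY = "url"
ALLOWED_SCHEMES = {"", "http", "https"}  # "" is a relative link
FIXED_VERSION = (2, 4, 0)  # fixed release named in the advisory

def is_patched(version):
    """True when a dotted plugin version string is 2.4.0 or later."""
    return tuple(int(p) for p in version.split(".")[:3]) >= FIXED_VERSION

def iter_panels(panels):
    """Yield every panel, descending into row panels."""
    for panel in panels or []:
        yield panel
        yield from iter_panels(panel.get("panels"))

def iter_urls(node):
    """Yield every string stored under URL_KEY anywhere below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == URL_KEY and isinstance(value, str):
                yield value
            else:
                yield from iter_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_urls(item)

def audit_dashboard(dashboard):
    """Return (panel title, url) pairs whose scheme is not allowlisted."""
    findings = []
    for panel in iter_panels(dashboard.get("panels")):
        if panel.get("type") != PANEL_TYPE:
            continue
        for url in iter_urls(panel.get("options", {})):
            if urlsplit(url.strip()).scheme.lower() not in ALLOWED_SCHEMES:
                findings.append((panel.get("title", ""), url))
    return findings

# Constructed dashboard export; the option layout is illustrative only.
SAMPLE = json.loads("""{"panels": [{"type": "row", "panels": [
  {"type": "volkovlabs-links-panel", "title": "Nav", "options": {"groups": [
    {"items": [{"name": "Docs", "url": "https://example.com/docs"},
               {"name": "Home", "url": "/d/constructed/home"},
               {"name": "Odd", "url": "otherscheme:constructed-placeholder"}]}]}}]}]}""")
print(audit_dashboard(SAMPLE), is_patched("2.3.1"))
```

A finding is a prompt to review the link and the dashboard's edit history, not proof of exploitation. Links built from template variables are only checked as static strings.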