Kminehart

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 **Description** Grafana is an open-source platform for monitoring and observability. The issue is related to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. **Recommendations** For versions prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10, update to versions 9.0.3, 8.5.9, 8.4.10, or 8.3.10 to resolve the issue. As a temporary workaround, consider disabling alerting or using legacy alerting until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Grafana versions 5.3 through 9.0.3 Grafana versions 8.3 through 8.3.10 Grafana versions 8.4 through 8.4.10 Grafana versions 8.5 through 8.5.9 **Description** The issue is related to an authorization problem in the Grafana platform, allowing a malicious user to take over another user's account. This can happen when the malicious user is authorized to log in via a configured OAuth IdP, their external user ID and email address are not associated with a Grafana account, and they know the target user's Grafana username. The malicious user can then set their username in the OAuth provider to that of the target user and log in to Grafana, gaining access to the target user's account. **Recommendations** For versions 5.3 through 9.0.3, update to version 9.0.3 or later. For versions 8.3 through 8.3.10, update to version 8.3.10 or later. For versions 8.4 through 8.4.10, update to version 8.4.10 or later. For versions 8.5 through 8.5.9, update to version 8.5.9 or later. As a temporary workaround, consider disabling OAuth login to the Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 7.5.13 Grafana versions prior to 8.3.4 **Description** The issue is related to the Forward OAuth Identity feature in Grafana, which can allow API token holders to retrieve data for which they may not have intended access. This occurs when a data source has the Forward OAuth Identity feature enabled and a query is sent to that data source with an API token and no other user credentials, forwarding the OAuth Identity of the most recently logged-in user. The attack relies on specific conditions, including the presence of data sources that support the Forward OAuth Identity feature, the feature being toggled on for a data source, OAuth being enabled, and the presence of usable API keys. **Recommendations** For versions prior to 7.5.13, update to version 7.5.13 or later. For versions prior to 8.3.4, update to version 8.3.4 or later. As a temporary workaround, consider disabling the Forward OAuth Identity feature for all data sources until a patch is applied. Restrict access to data sources that support the Forward OAuth Identity feature to minimize the risk of exploitation. Avoid using API tokens for queries to data sources with the Forward OAuth Identity feature enabled until the issue is resolved.