PT-2019-7242 · Grafana · Grafana Piechart-Panel Plugin

Feroz Salamon

Published

2019-02-06

Updated

2019-06-11

CVE-2015-9282

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Grafana Pie Chart Panel plugin versions prior to 2019-01-02

Description The issue allows an attacker to gain remote unauthenticated access to a Grafana dashboard when a chart is included. This is possible due to XSS via legend data or tooltip data.

Recommendations For versions prior to 2019-01-02, update the Pie Chart Panel plugin to a version released after 2019-01-02 to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9282

Affected Products

Grafana Piechart-Panel Plugin

PT-2019-7242 · Grafana · Grafana Piechart-Panel Plugin

CVE-2015-9282

Weakness Enumeration

Related Identifiers

Affected Products

References · 5