PT-2020-3007 · Grafana+5 · Grafana+5

Published

2020-04-23

Updated

2024-06-28

CVE-2020-12245

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Grafana versions prior to 6.7.3

Description The issue is related to insufficient protection of the web page structure in the Grafana data visualization tool, specifically in the column.title and cellLinkTooltip components. This can allow a remote attacker to perform cross-site scripting (XSS) attacks.

Recommendations For versions prior to 6.7.3, update to version 6.7.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the column.title and cellLinkTooltip components until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2020:4682

ALT-PU-2020-1966

ALT-PU-2020-2204

BDU:2020-03230

BIT-GRAFANA-2020-12245

CESA-2020_4682

CVE-2020-12245

ECHO-BE23-584D-FAEA

GHSA-CCMG-W4XM-P28V

GO-2024-2517

OPENSUSE-SU-2020:0892-1

OPENSUSE-SU-2020:1105-1

OPENSUSE-SU-2020:1611-1

OPENSUSE-SU-2020:1646-1

OPENSUSE-SU-2020_0892-1

OPENSUSE-SU-2020_1105-1

OPENSUSE-SU-2024:10818-1

RHSA-2020:2796

RHSA-2020:2861

RHSA-2020:4682

RHSA-2020_4682

SUSE-SU-2020:1715-1

SUSE-SU-2020:1718-1

SUSE-SU-2020:1970-1

SUSE-SU-2020:1972-1

SUSE-SU-2021:1233-1

Affected Products

Alt Linux

Almalinux

Centos

Grafana

Red Hat

Suse

PT-2020-3007 · Grafana+5 · Grafana+5

CVE-2020-12245

Weakness Enumeration

Related Identifiers

Affected Products

References · 90