PT-2020-8638 · Grafana+3 · Grafana+3

Noasand

Published

2020-06-02

Updated

2024-06-28

CVE-2018-18624

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 7.0.0 Grafana version 5.3.1

Description: The issue is related to a XSS vulnerability via a column style on the "Dashboard > Table Panel" screen. This problem exists due to an incomplete fix for a previous issue.

Recommendations: For Grafana version 5.3.1, consider updating to a version later than 5.3.1 to resolve the issue. For Grafana versions prior to 7.0.0, update to version 7.0.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the "Dashboard > Table Panel" screen until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2020:4682

CESA-2020_4682

CVE-2018-18624

ECHO-7D81-FCB1-B8A3

GHSA-9HV8-4FRF-CPRF

GO-2024-2516

RHSA-2020:4682

RHSA-2020_4682

SUSE-SU-2020:2876-1

SUSE-SU-2020:2911-1

SUSE-SU-2020:3309-1

SUSE-SU-2021:1962-1

Affected Products

Almalinux

Centos

Grafana

Red Hat

PT-2020-8638 · Grafana+3 · Grafana+3

CVE-2018-18624

Weakness Enumeration

Related Identifiers

Affected Products

References · 190