PT-2022-5682 · Grafana+3

Kminehart · Published 2022-07-15 · Updated 2025-09-29 · CVE-2022-31097

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10
Description: Grafana is an open-source platform for monitoring and observability. The vulnerability is a stored cross-site scripting (XSS) flaw in Grafana's Unified Alerting feature. An attacker can exploit it to escalate privileges from Editor to Admin by tricking an authenticated admin into clicking a link.
Recommendations: For versions prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10, update to version 9.0.3, 8.5.9, 8.4.10, or 8.3.10 to resolve the issue. As a temporary workaround, consider disabling alerting or using legacy alerting until the update can be applied.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2022-3295
ALT-PU-2023-1161
ALT-PU-2023-4133
ALT-PU-2023-4346
ALT-PU-2023-4567
BDU:2022-07077
BIT-GRAFANA-2022-31097
CVE-2022-31097
GHSA-VW7Q-P2QG-4M5F
GO-2024-2857
OESA-2025-1186
OESA-2025-1187
OESA-2025-1188
OESA-2025-1189
OPENSUSE-SU-2022_3751-1
OPENSUSE-SU-2022_3765-1
OPENSUSE-SU-2022_4428-1
OPENSUSE-SU-2022_4437-1
OPENSUSE-SU-2024:12260-1
SUSE-SU-2022:3676-1
SUSE-SU-2022:3747-1
SUSE-SU-2022:3751-1
SUSE-SU-2022:3765-1
SUSE-SU-2022:4428-1
SUSE-SU-2022:4437-1
SUSE-SU-2022:4439-1
SUSE-SU-2022_3751-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1

Affected Products

Alt Linux
Grafana
Red Os
Suse