PT-2022-7303 · Grafana+7

Abrahack +1 · Published 2022-02-08 · Updated 2025-09-29 · CVE-2022-21703

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to the fixed version.
Description: The issue is a cross-site request forgery vulnerability that allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users, such as Editors or Admins. An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.
Recommendations: Upgrade to a version that contains a fix for this issue as soon as possible. Until a patch is applied, restrict the ability of authenticated users to invite new users with high privileges, and avoid using the invitation features of the affected Grafana versions for high-privilege accounts.
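The defensive control that closes the class of bug described above is to refuse cookie-authenticated, state-changing requests whose browser-supplied origin does not match the application's own origin. The Go program below is an added example written for this record; it is not Grafana's code and not the vendor's actual fix. The allowed origin, the cookie name `grafana_session`, and the `/api/invites` path are assumptions chosen for illustration, and the session value is a constructed placeholder.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// allowedOrigin is an assumed deployment value, constructed for this example.
const allowedOrigin = "https://grafana.example.internal"

// sessionCookie is the assumed name of the login cookie that a cross-site
// request would carry automatically; it is a stand-in, not a verified value.
const sessionCookie = "grafana_session"

// requestOrigin returns scheme://host from the Origin header, falling back
// to Referer, or "" when neither is present or parseable.
func requestOrigin(r *http.Request) string {
	for _, h := range []string{"Origin", "Referer"} {
		v := r.Header.Get(h)
		if v == "" || v == "null" {
			continue
		}
		u, err := url.Parse(v)
		if err != nil || u.Scheme == "" || u.Host == "" {
			continue
		}
		return u.Scheme + "://" + u.Host
	}
	return ""
}

// isStateChanging reports whether the HTTP method can mutate server state.
func isStateChanging(method string) bool {
	switch method {
	case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
		return true
	}
	return false
}

// csrfAllowed lets a request through unless it is state-changing, rides on a
// session cookie, and does not originate from the application's own origin.
// Requests without the cookie (e.g. token-authenticated API clients) are not
// affected by CSRF and are left alone.
func csrfAllowed(r *http.Request) bool {
	if !isStateChanging(r.Method) {
		return true
	}
	if _, err := r.Cookie(sessionCookie); err != nil {
		return true
	}
	return requestOrigin(r) == allowedOrigin
}

// CSRFMiddleware rejects cross-origin state changes with 403 Forbidden.
func CSRFMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !csrfAllowed(r) {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// inviteHandler stands in for a privileged "invite user" endpoint (hypothetical).
func inviteHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "invite created")
}

// Probe sends a synthetic request through the middleware and returns the
// resulting status code, so the policy can be exercised without a server.
func Probe(method, origin string, withCookie bool) int {
	req := httptest.NewRequest(method, "/api/invites", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if withCookie {
		req.AddCookie(&http.Cookie{Name: sessionCookie, Value: "constructed-session-id"})
	}
	rec := httptest.NewRecorder()
	CSRFMiddleware(http.HandlerFunc(inviteHandler)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("same-origin invite:      ", Probe(http.MethodPost, allowedOrigin, true))
	fmt.Println("cross-origin invite:     ", Probe(http.MethodPost, "https://attacker.example", true))
	fmt.Println("cross-origin, no cookie: ", Probe(http.MethodPost, "https://attacker.example", false))
	fmt.Println("cross-origin GET:        ", Probe(http.MethodGet, "https://attacker.example", true))
}
```

The check is deliberately strict: a cookie-bearing POST with no Origin or Referer at all is refused, because a browser that strips both cannot be told apart from a cross-site one. In a real deployment this origin check is a complement to, not a replacement for, per-request CSRF tokens and `SameSite` session cookies.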

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

ALSA-2022:7519
ALSA-2022:8057
ALSA-2025_16880
ALT-PU-2022-1806
ALT-PU-2022-1820
ALT-PU-2023-4567
BDU:2024-02597
BIT-GRAFANA-2022-21703
CESA-2022_7519
CVE-2022-21703
GHSA-CMF4-H3XC-JW8W
OESA-2022-1688
OPENSUSE-SU-2022_1396-1
OPENSUSE-SU-2022_3765-1
OPENSUSE-SU-2024:11836-1
RHSA-2022:7519
RHSA-2022:8057
RHSA-2022_7519
RHSA-2022_8057
RLSA-2022:7519
RLSA-2022:8057
SUSE-FU-2022:1419-1
SUSE-SU-2022:0751-1
SUSE-SU-2022:1396-1
SUSE-SU-2022:2134-1
SUSE-SU-2022:3676-1
SUSE-SU-2022:3765-1
SUSE-SU-2024:0191-1

Affected Products

Alt Linux
Almalinux
Centos
Grafana
Red Hat
Red Os
Rocky Linux
Suse