PT-2023-8915 · Grafana+2 · Grafana+2

Leixiao · Published 2023-10-17 · Updated 2024-09-12 · CVE-2023-4399

CVSS v2.0: 8.3 High

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified)

Description: The issue is related to a bypass of the deny list in Grafana, which is an open-source platform for monitoring and observability. This bypass can be achieved by using punycode encoding of characters in the request address, allowing a remote attacker to circumvent existing access restrictions. The vulnerability is related to the Request security feature in Grafana Enterprise, which is designed to prevent the instance from calling specific hosts.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
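The class of mismatch the description refers to, shown as an added example that is not Grafana's code: a host deny list compared as raw strings next to one that canonicalizes both sides to the ASCII (punycode) form first. The page does not give Grafana's matching logic, so the deny-list entry, the host names and the function names here are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed deny list: the admin typed the blocked host in its Unicode form.
DENY_LIST = {"bücher.example"}


def naive_is_denied(url, deny_list=DENY_LIST):
    """Compare the request host to the deny list as raw strings."""
    return urlsplit(url).hostname in deny_list


def canonical_host(host):
    """Return the lower-case ASCII (A-label) form of a host name."""
    host = host.strip().rstrip(".").lower()
    if not host:
        raise ValueError("empty host")
    # The idna codec converts each Unicode label to its xn-- punycode form
    # and leaves labels that are already ASCII unchanged.
    return host.encode("idna").decode("ascii")


def hardened_is_denied(url, deny_list=DENY_LIST):
    """Canonicalize both sides before comparing; fail closed on bad input."""
    try:
        host = canonical_host(urlsplit(url).hostname or "")
        blocked = {canonical_host(entry) for entry in deny_list}
    except ValueError:  # UnicodeError is a subclass of ValueError
        return True  # a host that cannot be canonicalized is not called
    return host in blocked


if __name__ == "__main__":
    # Constructed request addresses: Unicode form, punycode form, unrelated host.
    for url in (
        "http://bücher.example/",
        "http://xn--bcher-kva.example/api",
        "http://grafana.example/",
    ):
        print(url, naive_is_denied(url), hardened_is_denied(url))
```

The same canonical form has to be what the HTTP client finally resolves; checking one spelling and connecting with another reopens the gap.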

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7440
ALT-PU-2024-12406
ALT-PU-2024-2190
ALT-PU-2024-7863
BDU:2024-02599
BIT-GRAFANA-2023-4399
CVE-2023-4399

Affected Products

Alt Linux
Grafana
Red Os