CVE-2022-21673

Published: 18/01/2022 | Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

Grafana is an open-source platform for monitoring and observability. In affected versions, when a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) forwards the OAuth identity of the most recently logged-in user. This can allow API token holders to retrieve data they were not intended to have access to. The attack requires all of the following: the Grafana instance has data sources that support the Forward OAuth Identity feature, a data source has the feature toggled on, OAuth is enabled on the instance, and the instance has usable API keys. The issue is patched in versions 7.5.13 and 8.3.4.

Vulnerable Product

grafana grafana

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Synopsis: Important: grafana security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rate ...
Synopsis: Important: Red Hat OpenShift Service Mesh 231 Containers security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 231 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Moderate: New container image for Red Hat Ceph Storage 52 Security update. Type/Severity: Security Advisory: Moderate. Topic: A new container image for Red Hat Ceph Storage 52 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Moderate: OpenShift Container Platform 4103 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4103 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...