Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-352"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21703.json"
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*",
"cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.0.1"
},
{
"fixed": "7.5.15"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.3.5"
},
{
"introduced": "3.0.0-beta6"
},
{
"last_affected": "3.0.0-beta6"
},
{
"introduced": "3.0.0-beta7"
},
{
"last_affected": "3.0.0-beta7"
}
]
}