CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Configurations

Configuration 1

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Information

Published : 2022-02-08 09:15

Updated : 2022-09-10 02:41


NVD link : CVE-2022-21703

Mitre link : CVE-2022-21703

Products Affected
No products.
CWE