FLAT-KY14M – Vulnerability | Fluid Attacks Database

Database

Description

Grafana XSS in header column rename Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/grafana/grafana	>=0 <6.7.3	6.7.3
rpm rhel8	grafana	<0:6.7.4-3.el8	0:6.7.4-3.el8

Aliases

1. CVE-2020-122452. NVD-2020-122453. OSV-2020-122454. GCVE-2020-12245

References

1. https://github.com/grafana/grafana/pull/238162. https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e3. https://community.grafana.com/t/release-notes-v6-7-x/271194. https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-235. https://security.netapp.com/advisory/ntap-20200511-00016. http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html7. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html8. http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html9. http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.