Fluid Attacks Database

Description

Grafana XSS via a query alias for the ElasticSearch datasource Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/grafana/grafana	>=0 <7.1.0-beta1	7.1.0-beta1
rpm rhel8	grafana	<0:7.3.6-2.el8	0:7.3.6-2.el8

Aliases

1. CVE-2020-243032. NVD-2020-243033. OSV-2020-243034. GCVE-2020-24303

References

1. https://github.com/grafana/grafana/pull/254012. https://github.com/grafana/grafana/blob/master/CHANGELOG.md#710-beta-1-2020-07-013. https://security.netapp.com/advisory/ntap-20201123-0002

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.