CVE-2022-21703 (grafana)

admin February 12, 2022 1 min read

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Related Stories

CVE-2022-0781 (nirweb_support)

CVE-2022-1093 (wp_meta_seo)

CVE-2022-1192 (turn_off_all_comments)

You may have missed

hakoriginfinder: discovering the origin host behind a reverse proxy

ToRReZ Vendor “OnlyTheFinest” Enters Guilty Plea

The strange link between Industrial Spy and the Cuba ransomware operation

Reuters: Russia-linked APT behind Brexit leak website