Back to bug 2019952
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-11-03 17:08:54 UTC | Blocks | 2019953 | |
| Riccardo Schirone | 2021-11-04 10:36:27 UTC | Fixed In Version | grafana 8.2.3 | |
| Riccardo Schirone | 2021-11-04 10:44:55 UTC | Summary | CVE-2021-41174 grafana: XSS vulnerability on unauthenticated pages | CVE-2021-41174 grafana: XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL |
| Riccardo Schirone | 2021-11-04 10:55:06 UTC | Doc Text | | A cross-site scripting (XSS) vulnerability in Grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and that contains the login button and including interpolation binding expressions (e.g. `{{` and `}}` in AngularJS) in the URL. |
| Eric Christensen | 2021-11-04 15:28:41 UTC | Doc Text | A cross-site scripting (XSS) vulnerability in Grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and that contains the login button and including interpolation binding expressions (e.g. `{{` and `}}` in AngularJS) in the URL. | A cross-site scripting (XSS) vulnerability in grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and contains the login button and including interpolation binding expressions (e.g. `{{` and `}}` in AngularJS) in the URL. |
| Borja Tarraso | 2021-11-12 11:16:39 UTC | Depends On | 2022700 | |
| Red Hat Bugzilla | 2022-01-08 05:28:38 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2022-03-10 13:36:04 UTC | CC | mgoodwin | |
| Red Hat Bugzilla | 2022-06-30 23:03:09 UTC | CC | erooth | |
| Red Hat Bugzilla | 2022-08-12 04:30:44 UTC | CC | amuller | |
| Red Hat Bugzilla | 2022-10-08 04:27:44 UTC | CC | gghezzo | |
| Red Hat Bugzilla | 2023-01-01 05:32:45 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:14 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:49 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:02:34 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:35:10 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:44:25 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:49:10 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:23:48 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 06:59:12 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-07-07 08:29:30 UTC | Assignee | security-response-team | nobody |