Back to bug 2158420
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-01-05 11:22:19 UTC | CC | security-response-team | |
| Avinash Hanwate | 2023-01-05 11:22:59 UTC | CC | agerstmayr, amctagga, aoconnor, bniver, flucifre, gmeno, gparvin, jkurik, jwendell, mbenjamin, mhackett, nathans, njean, ovanders, owatkins, pahickey, rcernich, scox, sostapov, stcannon, teagle, vereddy | |
| Sandipan Roy | 2023-01-05 15:13:34 UTC | Depends On | 2158486 | |
| Avinash Hanwate | 2023-01-12 04:52:16 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Avinash Hanwate | 2023-01-12 04:54:30 UTC | Doc Text | A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-Site-Scripting where an attacker with an Editor role can add an SVG file containing malicious JavaScript code. When a user with an admin role later edits the GeoMap/Canvas panel, the Javascript is executed. | |
| RaTasha Tillery-Smith | 2023-01-12 12:32:43 UTC | Doc Text | A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-Site-Scripting where an attacker with an Editor role can add an SVG file containing malicious JavaScript code. When a user with an admin role later edits the GeoMap/Canvas panel, the Javascript is executed. | A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add an SVG file containing malicious JavaScript code. The Javascript is executed when a user with an admin role later edits the GeoMap/Canvas panel. |
| Marian Rehak | 2023-01-30 13:07:58 UTC | CC | grafana-maint | |
| | | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2022-23552 grafana: persistent xss in grafana core plugins | CVE-2022-23552 grafana: persistent xss in grafana core plugins |
| Avinash Hanwate | 2023-02-01 05:14:26 UTC | Depends On | 2166183 | |
| Red Hat Bugzilla | 2023-02-03 23:11:36 UTC | CC | ovanders | |
| Red Hat Bugzilla | 2023-07-07 08:31:43 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |