Back to bug 2181117
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-03-23 06:48:46 UTC | Fixed In Version | Grafana 8.5.22, 9.3.11, and 9.2.15 | Grafana 8.5.22, Grafana 9.3.11, Grafana 9.2.15 |
| Avinash Hanwate | 2023-03-23 06:49:01 UTC | Blocks | 2181118 | |
| Avinash Hanwate | 2023-03-23 06:50:39 UTC | CC | amctagga, aoconnor, bniver, flucifre, gmeno, gparvin, grafana-maint, jkurik, jwendell, mbenjamin, mhackett, nathans, njean, owatkins, pahickey, rcernich, scox, sostapov, stcannon, teagle, twalsh, vereddy | |
| Avinash Hanwate | 2023-03-23 07:05:03 UTC | Doc Text | A flaw was found in the Grafana. An attacker could host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed. | |
| Avinash Hanwate | 2023-03-23 07:14:02 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Avinash Hanwate | 2023-03-23 07:14:45 UTC | Depends On | 2181123, 2181124 | |
| RaTasha Tillery-Smith | 2023-03-23 13:57:54 UTC | Doc Text | A flaw was found in the Grafana. An attacker could host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed. | A flaw was found in Grafana. This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed. |
| TEJ RATHI | 2023-03-24 06:20:40 UTC | Depends On | 2181438 | |
| TEJ RATHI | 2023-03-24 06:21:17 UTC | Depends On | 2181439 | |
| Red Hat Bugzilla | 2023-07-07 08:34:10 UTC | Assignee | security-response-team | nobody |
Back to bug 2181117