Bug 1848089 (CVE-2020-12052) - CVE-2020-12052 grafana: XSS annotation popup vulnerability
Summary: CVE-2020-12052 grafana: XSS annotation popup vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-12052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1848428 1848429 1848430 1848461 1848805 1848806 1850399
Blocks: 1848091
TreeView+ depends on / blocked
 
Reported: 2020-06-17 16:31 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-09-20 14:23 UTC (History)
33 users (show)

Fixed In Version: grafana 6.7.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in grafana. The software is vulnerable to an annotation popup XSS.
Clone Of:
Environment:
Last Closed: 2020-07-01 19:27:59 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2796 0 None None None 2020-07-01 18:46:11 UTC
Red Hat Product Errata RHSA-2020:2861 0 None None None 2020-07-07 19:33:47 UTC
Red Hat Product Errata RHSA-2020:4298 0 None None None 2020-10-27 16:24:13 UTC
Red Hat Product Errata RHSA-2020:4682 0 None None None 2020-11-04 02:59:39 UTC

Description Guilherme de Almeida Suckevicz 2020-06-17 16:31:03 UTC 
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.

Reference:
https://community.grafana.com/t/release-notes-v6-7-x/27119
Comment 5 Przemyslaw Roguski 2020-06-18 13:48:34 UTC 
Upstream commit: 
https://github.com/grafana/grafana/pull/23813/commits
Comment 8 Mark Cooper 2020-06-19 02:51:31 UTC 
Statement:

This issue affects the version of the grafana package as shipped with Red Hat Ceph Storage (RHCS) version 2. Ceph-2 has reached End of Extended Life Cycle Support and no longer fixing moderates/lows.
Comment 9 Mark Cooper 2020-06-19 03:05:50 UTC 
Keeping OpenShift and ServiceMesh at Moderate, as I feel even tho the components are behind OAuth a logged in user can still be tricked to perform XSS.

ServiceMesh packages a vulnerable version of grafana:
  - ServiceMesh 1.0.x grafana v6.2.2
  - ServiceMesh 1.1.x grafana v6.4.3

OpenShift packages a vulnerable version of grafana:
  - OpenShift 3.11 grafana v5.4.3
  - OpenShift 4.x  grafana v6.5.3

In addition, have checked source to ensure the patch hasn't be back-ported.
Comment 13 errata-xmlrpc 2020-07-01 18:46:08 UTC 
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.1

Via RHSA-2020:2796 https://access.redhat.com/errata/RHSA-2020:2796
Comment 14 Product Security DevOps Team 2020-07-01 19:27:59 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12052
Comment 15 errata-xmlrpc 2020-07-07 19:33:44 UTC 
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.0

Via RHSA-2020:2861 https://access.redhat.com/errata/RHSA-2020:2861
Comment 16 errata-xmlrpc 2020-10-27 16:24:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
Comment 17 errata-xmlrpc 2020-11-04 02:59:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4682 https://access.redhat.com/errata/RHSA-2020:4682
Note You need to log in before you can comment on or make changes to this bug.