Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
References:
https://community.grafana.com/t/release-notes-v6-7-x/27119
https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23
https://github.com/grafana/grafana/pull/23816
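The bug class described above, as an added example that is not Grafana's code and not the fix from PR 23816: a table header is rendered from dashboard-supplied column objects, once by interpolating the title and tooltip straight into markup (the vulnerable shape) and once with context-appropriate HTML escaping. The column fields `title` and `cellLinkTooltip` follow the names in the description; the helper names, the sample columns and the crude "foreign markup" check are constructed for this illustration and are not Grafana's data model or API.

```javascript
// Added example (not Grafana's code): rendering untrusted table column
// titles and cell-link tooltips into HTML, unsafe vs. hardened.
// Column objects, helper names and sample values are constructed for this
// illustration and are not Grafana's actual data model or API.

// Escape the five characters that matter in both text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable shape: untrusted strings are interpolated straight into markup,
// so a title or tooltip containing markup is parsed as HTML by the browser.
function renderHeaderUnsafe(columns) {
  return "<tr>" + columns.map(c =>
    `<th title="${c.cellLinkTooltip || ""}">${c.title}</th>`).join("") + "</tr>";
}

// Hardened shape: every untrusted value is escaped for the context it lands
// in (attribute value for the tooltip, text node for the title).
function renderHeaderSafe(columns) {
  return "<tr>" + columns.map(c =>
    `<th title="${escapeHtml(c.cellLinkTooltip || "")}">${escapeHtml(c.title)}</th>`).join("") + "</tr>";
}

// Constructed sample: a dashboard definition (e.g. imported JSON) carrying a
// title with markup and a tooltip that tries to break out of the attribute.
const sampleColumns = [
  { title: "host", cellLinkTooltip: "Open host page" },
  { title: "<img src=x onerror=alert(1)>", cellLinkTooltip: '" onmouseover="alert(1)' },
];

// Crude review-time check: after removing the tags our own template emits,
// any remaining "<" means the data, not the template, produced markup.
function containsForeignMarkup(html) {
  const stripped = html.replace(/<\/?(tr|th)(\s+title="[^"]*")?>/g, "");
  return /</.test(stripped);
}

console.log("unsafe:", renderHeaderUnsafe(sampleColumns));
console.log("safe:  ", renderHeaderSafe(sampleColumns));
console.log("unsafe leaks markup:", containsForeignMarkup(renderHeaderUnsafe(sampleColumns)));
console.log("safe leaks markup:  ", containsForeignMarkup(renderHeaderSafe(sampleColumns)));
```

The design point is that the fix belongs at the rendering boundary, not in input validation: column titles and tooltips are legitimately free text, so the renderer must treat them as text in every context where they are emitted. In a framework that builds DOM nodes (textContent, setAttribute) rather than HTML strings, the same property comes for free; string templating is where this class of bug appears.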
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 1848644]
Keeping OpenShift and ServiceMesh at Moderate, as I feel even though the components are behind OAuth a logged-in user can still be tricked to perform XSS.
ServiceMesh packages a vulnerable version of grafana:
- ServiceMesh 1.0.x grafana v6.2.2
- ServiceMesh 1.1.x grafana v6.4.3
OpenShift packages a vulnerable version of grafana:
- OpenShift 3.11 grafana v5.4.3
- OpenShift 4.x grafana v6.5.3
Upstream commit: https://github.com/grafana/grafana/pull/23816 <- wrong; the above commit is the correct one.
This issue has been addressed in the following products: OpenShift Service Mesh 1.1 Via RHSA-2020:2796 https://access.redhat.com/errata/RHSA-2020:2796
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12245
This issue has been addressed in the following products: OpenShift Service Mesh 1.0 Via RHSA-2020:2861 https://access.redhat.com/errata/RHSA-2020:2861
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4682 https://access.redhat.com/errata/RHSA-2020:4682