An XSS vulnerability was found in the way Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.
  GitHub security advisory: https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g
  Grafana blog post: https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
Upstream commit:
  v7.5.x: https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85
  v8.3.x: https://github.com/grafana/grafana/commit/41c1cd2865fee195a76f4856905077dfff311169
Created grafana tracking bugs for this issue:
  Affects: fedora-all [bug 2053453]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
  Via RHSA-2022:7519 https://access.redhat.com/errata/RHSA-2022:7519
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
  Via RHSA-2022:8057 https://access.redhat.com/errata/RHSA-2022:8057
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21702