In Grafana, when creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the “Open original dashboard” button.

Affected Versions
- Grafana <=8.x
- Grafana <=9.x
Created grafana tracking bugs for this issue:

Affects: fedora-all [bug 2166179]
This issue has been addressed in the following products:

Red Hat Ceph Storage 6.1

Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:6420 https://access.redhat.com/errata/RHSA-2023:6420