Bug 2160331 (CVE-2022-4729) - CVE-2022-4729 graphite-web: Cross-site scripting vulnerability
Summary: CVE-2022-4729 graphite-web: Cross-site scripting vulnerability
Keywords:
Status: NEW
Alias: CVE-2022-4729
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2160332 2160333 2160341
Blocks: 2156345
 
Reported: 2023-01-12 05:20 UTC by Avinash Hanwate
Modified: 2023-07-07 08:32 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the graphite-web package. Affected versions of this package are vulnerable to Cross-site scripting.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Avinash Hanwate 2023-01-12 05:20:37 UTC
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.

https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
https://vuldb.com/?id.216743
https://github.com/graphite-project/graphite-web/issues/2745
https://github.com/graphite-project/graphite-web/pull/2785

Comment 1 Avinash Hanwate 2023-01-12 05:21:39 UTC
Created graphite-web tracking bugs for this issue:

Affects: epel-all [bug 2160333]
Affects: fedora-all [bug 2160332]

