Grafana is an open-source platform for monitoring and observability.
Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.
The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly.
This might enable malicious users to crash Grafana instances through that endpoint.
Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.
References
Link | Resource |
---|---|
https://grafana.com/security/security-advisories/cve-2023-2801/ | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230706-0002/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GRAFANA
Published: 2023-06-06T18:03:32.459Z
Updated: 2023-06-06T18:03:32.459Z
Reserved: 2023-05-18T16:22:13.573Z
Link: CVE-2023-2801
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-06T19:15:11.413
Modified: 2023-07-06T19:15:10.383
Link: CVE-2023-2801
JSON object: View
Redhat Information
No data.