CVE-2023-3010 - OpenCVE

Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Grafana	Worldmap Panel

Configuration 1 [-]

cpe:2.3:a:grafana:worldmap_panel:*:*:*:*:*:grafana:*:*

References

Link	Resource
https://grafana.com/security/security-advisories/cve-2023-3010/	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240503-0001/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GRAFANA

Published: 2023-10-25T08:09:48.174Z

Updated: 2024-06-04T17:17:33.636Z

Reserved: 2023-05-31T11:52:43.685Z

Link: CVE-2023-3010

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-25T18:17:29.993

Modified: 2024-05-03T13:15:20.697

Link: CVE-2023-3010

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3010", "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "state": "PUBLISHED", "assignerShortName": "GRAFANA", "dateReserved": "2023-05-31T11:52:43.685Z", "datePublished": "2023-10-25T08:09:48.174Z", "dateUpdated": "2024-06-04T17:17:33.636Z"}, "containers": {"cna": {"affected": [{"product": "worldmap-panel", "vendor": "Grafana", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "0.3.30", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Grafana is an open-source platform for monitoring and observability. </p><p>The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.</p>"}], "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA", "dateUpdated": "2023-10-25T08:09:48.174Z"}, "references": [{"url": "https://grafana.com/security/security-advisories/cve-2023-3010/"}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0001/"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T15:56:56.390682Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grafana:grafana:-:*:*:*:enterprise:*:*:*"], "vendor": "grafana", "product": "grafana", "versions": [{"status": "affected", "version": "0.3.30", "lessThan": "1.0.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:33.636Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grafana:worldmap_panel:*:*:*:*:*:grafana:*:*", "matchCriteriaId": "106768FF-CEE9-451C-A97A-DACFF567C0EA", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n"}, {"lang": "es", "value": "Grafana es una plataforma de c\u00f3digo abierto para monitorizaci\u00f3n y observabilidad. El complemento del panel WorldMap, versiones anteriores a la 1.0.4, contiene una vulnerabilidad de DOM XSS."}], "id": "CVE-2023-3010", "lastModified": "2024-05-03T13:15:20.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security@grafana.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:29.993", "references": [{"source": "security@grafana.com", "tags": ["Vendor Advisory"], "url": "https://grafana.com/security/security-advisories/cve-2023-3010/"}, {"source": "security@grafana.com", "url": "https://security.netapp.com/advisory/ntap-20240503-0001/"}], "sourceIdentifier": "security@grafana.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@grafana.com", "type": "Secondary"}]}