Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 821460 (CVE-2021-41174) - <www-apps/grafana-bin-8.2.3: XSS vulnerability
Summary: <www-apps/grafana-bin-8.2.3: XSS vulnerability
Status: RESOLVED FIXED
Alias: CVE-2021-41174
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on: CVE-2021-41244
Blocks:
  Show dependency tree
 
Reported: 2021-11-03 14:51 UTC by Kenton Groombridge
Modified: 2022-08-16 19:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kenton Groombridge gentoo-dev 2021-11-03 14:51:31 UTC 
A cross-site scripting vulnerability was found in Grafana. An attacker may use this vulnerability to convince an unsuspecting user to visit a specially crafted URL in order to execute arbitrary JavaScript code in the context of the victim's web browser.

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-03 15:42:18 UTC 
Thank you for reporting! Maintainer, please bump to 8.2.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-16 19:53:52 UTC 
URL says this doesn't affect 7.x, so tree is clean.