Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 821460 (CVE-2021-41174)

Summary: <www-apps/grafana-bin-8.2.3: XSS vulnerability
Product: Gentoo Security Reporter: Kenton Groombridge <concord>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: patrick
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2021/11/03/1
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 823874    
Bug Blocks:    

Description Kenton Groombridge gentoo-dev 2021-11-03 14:51:31 UTC 
A cross-site scripting vulnerability was found in Grafana. An attacker may use this vulnerability to convince an unsuspecting user to visit a specially crafted URL in order to execute arbitrary JavaScript code in the context of the victim's web browser.

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-03 15:42:18 UTC 
Thank you for reporting! Maintainer, please bump to 8.2.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-16 19:53:52 UTC 
URL says this doesn't affect 7.x, so tree is clean.