821460 – (CVE-2021-41174) <www-apps/grafana-bin-8.2.3: XSS vulnerability

Bug 821460 (CVE-2021-41174) - <www-apps/grafana-bin-8.2.3: XSS vulnerability

Summary: <www-apps/grafana-bin-8.2.3: XSS vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2021-41174

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:	CVE-2021-41244
Blocks:
	Show dependency tree

Reported:	2021-11-03 14:51 UTC by Kenton Groombridge
Modified:	2022-08-16 19:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kenton Groombridge gentoo-dev

2021-11-03 14:51:31 UTC

A cross-site scripting vulnerability was found in Grafana. An attacker may use this vulnerability to convince an unsuspecting user to visit a specially crafted URL in order to execute arbitrary JavaScript code in the context of the victim's web browser.

Reproducible: Always

Comment 1 John Helmert III archtester

2021-11-03 15:42:18 UTC

Thank you for reporting! Maintainer, please bump to 8.2.3.

Comment 2 John Helmert III archtester

2022-08-16 19:53:52 UTC

URL says this doesn't affect 7.x, so tree is clean.