Description
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross-site request forgery (CSRF) vulnerability that allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.