Description

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address.

Remediation

References

CVE-2023-4399

Related Vulnerabilities

WordPress Plugin Contact Form 7 Arbitrary File Upload (5.3.1)

WordPress Plugin TubePress Cross-Site Scripting (1.6.0)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1)

ZenCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-8352)

Severity

High

Classification

CVE-2023-4399 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities