Description

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address.

Remediation

References

CVE-2023-4399

Related Vulnerabilities

MySQL CVE-2016-0640 Vulnerability (CVE-2016-0640)

Backbone.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10537)

WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5)

WordPress Plugin WordPress Book List Arbitrary File Upload (5.0.11)

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)

Severity

High

Classification

CVE-2023-4399 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities