Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4728: Fix XSS in some dashboards queries (#2785) · graphite-project/graphite-web@2f178f4

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.

CVE
#xss#vulnerability#web#js#auth

@@ -16,6 +16,7 @@ from graphite.render.views import renderView from graphite.util import json from graphite.user_util import isAuthenticated from graphite.errors import handleInputParameterError, str_param
fieldRegex = re.compile(r’<([^>]+)>’) defaultScheme = { @@ -108,7 +109,9 @@ def load(self): config = DashboardConfig()

@handleInputParameterError def dashboard(request, name=None): name = str_param('name’, name) dashboard_conf_missing = False
try: @@ -155,7 +158,9 @@ def dashboard(request, name=None): return render(request, "dashboard.html", context)

@handleInputParameterError def template(request, name, val): name = str_param('name’, name) template_conf_missing = False
try: @@ -221,7 +226,10 @@ def getPermissions(user): return permissions

@handleInputParameterError def save(request, name): name = str_param('name’, name)
if ‘change’ not in getPermissions(request.user): return json_response( dict(error="Must be logged in with appropriate permissions to save") ) # Deserialize and reserialize as a validation step @@ -238,7 +246,11 @@ def save(request, name): return json_response( dict(success=True) )

@handleInputParameterError def save_template(request, name, key): name = str_param('name’, name) key = str_param('key’, key)
if ‘change’ not in getPermissions(request.user): return json_response( dict(error="Must be logged in with appropriate permissions to save the template") ) # Deserialize and reserialize as a validation step @@ -257,7 +269,9 @@ def save_template(request, name, key): return json_response( dict(success=True) )

@handleInputParameterError def load(request, name): name = str_param('name’, name) try: dashboard = Dashboard.objects.get(name=name) except Dashboard.DoesNotExist: @@ -266,7 +280,9 @@ def load(request, name): return json_response( dict(state=json.loads(dashboard.state)) )

@handleInputParameterError def load_template(request, name, val): name = str_param('name’, name) try: template = Template.objects.get(name=name) except Template.DoesNotExist: @@ -277,7 +293,9 @@ def load_template(request, name, val): return json_response( dict(state=state) )

@handleInputParameterError def delete(request, name): name = str_param('name’, name) if ‘delete’ not in getPermissions(request.user): return json_response( dict(error="Must be logged in with appropriate permissions to delete") )
@@ -290,7 +308,9 @@ def delete(request, name): return json_response( dict(success=True) )

@handleInputParameterError def delete_template(request, name): name = str_param('name’, name) if ‘delete’ not in getPermissions(request.user): return json_response( dict(error="Must be logged in with appropriate permissions to delete the template") )

Related news

Ubuntu Security Notice USN-6243-2

Ubuntu Security Notice 6243-2 - USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the applied fix was incomplete. This update fixes the problem. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Ubuntu Security Notice USN-6243-1

Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.

GHSA-3c5x-4hvx-qrrr: Graphite Web Cross-site Scripting vulnerability

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907