Grafana is an open-source platform for monitoring and observability.
In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.
However, the restriction can be bypassed used punycode encoding of the characters in the request address.
References
Link | Resource |
---|---|
https://grafana.com/security/security-advisories/cve-2023-4399/ | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231208-0003/ |
Configurations
Configuration 1 (hide)
|
History
24 Oct 2023, 15:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | (MISC) https://grafana.com/security/security-advisories/cve-2023-4399/ - Vendor Advisory | |
First Time |
Grafana grafana
Grafana |
|
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CWE | NVD-CWE-noinfo |
17 Oct 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-17 08:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4399
Mitre link : CVE-2023-4399
CVE.ORG link : CVE-2023-4399
JSON object : View
Products Affected
grafana
- grafana
CWE