CVE-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

History

24 Oct 2023, 15:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
References (MISC) https://grafana.com/security/security-advisories/cve-2023-4399/ - (MISC) https://grafana.com/security/security-advisories/cve-2023-4399/ - Vendor Advisory
First Time Grafana grafana
Grafana
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE NVD-CWE-noinfo

17 Oct 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-17 08:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4399

Mitre link : CVE-2023-4399

CVE.ORG link : CVE-2023-4399


JSON object : View

Products Affected

grafana

  • grafana
CWE
NVD-CWE-noinfo CWE-183

Permissive List of Allowed Inputs