blob: 0af71552b0bda625e24e229783bcdb644c3a690e [file] [log] [blame]
id: GO-2024-2857
modules:
- module: github.com/grafana/grafana
non_go_versions:
- introduced: 8.0.0
- fixed: 8.3.10
- introduced: 8.4.0
- fixed: 8.4.10
- introduced: 8.5.0
- fixed: 8.5.9
- introduced: 9.0.0
- fixed: 9.0.3
vulnerable_at: 5.4.5+incompatible
summary: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
cves:
- CVE-2022-31097
ghsas:
- GHSA-vw7q-p2qg-4m5f
unknown_aliases:
- BIT-grafana-2022-31097
references:
- advisory: https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-31097
- web: https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9
- web: https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3
- web: https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10
- web: https://security.netapp.com/advisory/ntap-20220901-0010
source:
id: GHSA-vw7q-p2qg-4m5f
created: 2024-06-04T14:26:57.952392-04:00
review_status: UNREVIEWED