{}

{}

{}

{"bugzilla": {"description": "grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect", "id": "2364632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364632"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-4123", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-15T03:49:32Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4123\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4123\nhttps://grafana.com/grafana/plugins/instana-datasource/?tab=changelog"], "statement": "This Grafana vulnerability is Important due to its low exploitation barrier and high impact. Unlike typical XSS flaws, it can be triggered without authentication if anonymous access is enabled\u2014a common setup in shared dashboards. It arises from improper handling of user-supplied paths in custom frontend plugins, leading to XSS and open redirect. When combined with the Grafana Image Renderer plugin, it enables full-read SSRF, exposing internal services and cloud metadata. This makes it a high-severity issue with serious real-world implications, especially in misconfigured or publicly exposed Grafana instances.", "threat_severity": "Important"}