Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/github.com/grafana/grafana@0.0.1
Type pypi
Namespace github.com/grafana
Name grafana
Version 0.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-nm7f-bj7m-zybt
vulnerability_id VCID-nm7f-bj7m-zybt
summary
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient.
When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out:
• Snapshot name
• Expire
• Timeout (seconds)
After the user confirms creation of the snapshot (i.e. clicks the "Local Snapshot" button), an HTTP POST request is sent to the Grafana server. The request contains additional parameters that are not visible in the web UI; the originalUrl parameter is one of them.

The value of the originalUrl parameter is automatically generated. Its purpose is to let a user who views the snapshot click a button in the Grafana web UI and be taken to the dashboard that the snapshot was made from.

The value of the originalUrl parameter can be arbitrarily chosen by a malicious user who creates the snapshot (note: by editing the request with a web proxy like Burp).
When another user opens the URL of the snapshot, they are presented with the regular web interface delivered by the trusted Grafana server. The issue is that the "Open original dashboard" button no longer points to the real original dashboard but to the attacker's (injected) URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39324.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39324.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39324
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30549
published_at 2026-04-07T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30738
published_at 2026-04-04T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30691
published_at 2026-04-02T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.36208
published_at 2026-04-16T12:55:00Z
4
value 0.00154
scoring_system epss
scoring_elements 0.36166
published_at 2026-04-13T12:55:00Z
5
value 0.00154
scoring_system epss
scoring_elements 0.36191
published_at 2026-04-12T12:55:00Z
6
value 0.00154
scoring_system epss
scoring_elements 0.36223
published_at 2026-04-09T12:55:00Z
7
value 0.00154
scoring_system epss
scoring_elements 0.36205
published_at 2026-04-08T12:55:00Z
8
value 0.00154
scoring_system epss
scoring_elements 0.36228
published_at 2026-04-11T12:55:00Z
9
value 0.00154
scoring_system epss
scoring_elements 0.35911
published_at 2026-04-24T12:55:00Z
10
value 0.00154
scoring_system epss
scoring_elements 0.36141
published_at 2026-04-21T12:55:00Z
11
value 0.00154
scoring_system epss
scoring_elements 0.36192
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39324
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grafana/grafana
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana
4
reference_url https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/
url https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a
5
reference_url https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/
url https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c
6
reference_url https://github.com/grafana/grafana/pull/60232
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/
url https://github.com/grafana/grafana/pull/60232
7
reference_url https://github.com/grafana/grafana/pull/60256
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/
url https://github.com/grafana/grafana/pull/60256
8
reference_url https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/
url https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39324
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39324
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2148252
reference_id 2148252
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2148252
11
reference_url https://github.com/advisories/GHSA-4724-7jwc-3fpw
reference_id GHSA-4724-7jwc-3fpw
reference_type
scores
url https://github.com/advisories/GHSA-4724-7jwc-3fpw
12
reference_url https://access.redhat.com/errata/RHSA-2023:3642
reference_id RHSA-2023:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3642
13
reference_url https://access.redhat.com/errata/RHSA-2023:6420
reference_id RHSA-2023:6420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6420
fixed_packages
0
url pkg:pypi/github.com/grafana/grafana@8.5.16
purl pkg:pypi/github.com/grafana/grafana@8.5.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/github.com/grafana/grafana@8.5.16
1
url pkg:pypi/github.com/grafana/grafana@9.2.8
purl pkg:pypi/github.com/grafana/grafana@9.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/github.com/grafana/grafana@9.2.8
aliases CVE-2022-39324, GHSA-4724-7jwc-3fpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nm7f-bj7m-zybt
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/github.com/grafana/grafana@0.0.1