CVE-2023-4399

MEDIUM6.6

Grafana is an open-source platform for monitoring and observability

Published Oct 17, 2023

Modified 11 months ago

No fix available

Details

Grafana is an open-source platform for monitoring and observability.

In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.

However, the restriction can be bypassed used punycode encoding of the characters in the request address.

References

WEBhttps://grafana.com/security/security-advisories/cve-2023-4399/WEBhttps://security.netapp.com/advisory/ntap-20231208-0003/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-4399

CVSS Analysis

CVSS v3.1

6.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

LowA:L

6.6/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

Weakness Type (CWE)

Other

CWE-183

Ecosystems

Timeline

PublishedOct 17, 2023

ModifiedFeb 13, 2025