{
  "threat_severity" : "Important",
  "public_date" : "2025-05-15T03:49:32Z",
  "bugzilla" : {
    "description" : "grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect",
    "id" : "2364632",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2364632"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.", "A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled." ],
  "statement" : "This Grafana vulnerability is Important due to its low exploitation barrier and high impact. Unlike typical XSS flaws, it can be triggered without authentication if anonymous access is enabled—a common setup in shared dashboards. It arises from improper handling of user-supplied paths in custom frontend plugins, leading to XSS and open redirect. When combined with the Grafana Image Renderer plugin, it enables full-read SSRF, exposing internal services and cloud metadata. This makes it a high-severity issue with serious real-world implications, especially in misconfigured or publicly exposed Grafana instances.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-05-19T00:00:00Z",
    "advisory" : "RHSA-2025:7892",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "grafana-0:10.2.6-17.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-05-19T00:00:00Z",
    "advisory" : "RHSA-2025:7894",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "grafana-0:9.2.10-23.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8684",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "grafana-0:6.3.6-7.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8683",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "grafana-0:7.3.6-9.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8679",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "grafana-0:7.5.11-6.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8679",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "grafana-0:7.5.11-6.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8679",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "grafana-0:7.5.11-6.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8685",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "grafana-0:7.5.15-7.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8685",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "grafana-0:7.5.15-7.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-19T00:00:00Z",
    "advisory" : "RHSA-2025:7893",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "grafana-0:10.2.6-13.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8681",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "grafana-0:7.5.11-10.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8680",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "grafana-0:9.0.9-8.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-06-09T00:00:00Z",
    "advisory" : "RHSA-2025:8665",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "grafana-0:9.2.10-23.el9_4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-4123\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4123\nhttps://grafana.com/grafana/plugins/instana-datasource/?tab=changelog" ],
  "name" : "CVE-2025-4123",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}