CVE-2022-39306

HIGH Year: 2022
CVSS v3 Score
8.1
High
Weakness Type
CWE-20
View all →

Vulnerability Description

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.

Related Vulnerabilities

CVE-2007-5928

HIGH
CVSS:8.1(High)

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is...

CWE-202007

CVE-2012-2248

HIGH
CVSS:8.1(High)

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

CWE-202012

CVE-2013-4751

HIGH
CVSS:8.1(High)

php-symfony2-Validator has loss of information during serialization

CWE-202013

CVE-2014-2271

HIGH
CVSS:8.1(High)

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, w...

CWE-202014

CVE-2014-5282

HIGH
CVSS:8.1(High)

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CWE-202014