Home > Vulnerability Database > CVE-2023-2801

Mend.io Vulnerability Database

CVE-2023-2801

Good to know:

Date: June 6, 2023

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

Language: Go

Severity Score

5.3

Related Resources (5)

Url: https://access.redhat.com/security/cve/CVE-2023-2801

Url: https://grafana.com/security/security-advisories/cve-2023-2801/

Url: https://security.netapp.com/advisory/ntap-20230706-0002/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2801

Url: https://www.mend.io/vulnerability-database/CVE-2023-2801

Severity Score

5.3

Weakness Type (CWE)

Improper Synchronization

CWE-662

Top Fix

Upgrade Version

Upgrade to version v9.4.12,v9.5.3

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2801

Good to know:

Date: June 6, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?