[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-21703":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":37,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":62,"related":63,"reserved_at":9,"published_at":71,"modified_at":72,"state":73,"summary":74,"references_raw":83,"kevs":149,"epss":150,"epss_history":153,"metrics":417,"affected":439},"CVE-2022-21703","Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-352","Cross-Site Request Forgery (CSRF)","The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.","weakness","Stable","Compound","Medium",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":25,"name":26,"techniques":27},"CAPEC-462","Cross-Domain Search Timing",[],{"id":29,"name":30,"techniques":31},"CAPEC-467","Cross Site Identification",[],{"id":33,"name":34,"techniques":35},"CAPEC-62","Cross Site Request Forgery",[],[],[38,39],"GHSA-cmf4-h3xc-jw8w","BIT-grafana-2022-21703",[],[42,44,46,48,50,52,54,56,58,60],{"_key":43},"UBUNTU-CVE-2022-21703",{"_key":45},"SUSE-SU-2022:2134-1",{"_key":47},"SUSE-SU-2022:3676-1",{"_key":49},"SUSE-SU-2024:0191-1",{"_key":51},"SUSE-FU-2022:1419-1",{"_key":53},"SUSE-SU-2022:1396-1",{"_key":55},"SUSE-SU-2022:3765-1",{"_key":57},"OPENSUSE-SU-2024:11836-1",{"_key":59},"RHSA-2022:7519",{"_key":61},"RHSA-2022:8057",[],[64,65,66,67,68,69,70],{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},"2022-02-08T20:40:10.000Z","2025-04-23T19:06:44.591Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":76,"epss_score":77,"severity":78,"severity_score":79,"severity_version":80,"severity_source":81,"severity_vector":82,"severity_status":73},false,"low",0.01869,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[84,93,101,107,111,116,120,124,129,133,137,141,145],{"url":85,"sources":86,"tags":88},"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",[87,81],"cve.org",[89,90,91,92],"X Refsource MISC","Mitigation","Release Notes","Vendor Advisory",{"url":94,"sources":95,"tags":97},"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w",[87,81,96],"osv_go",[98,90,91,99,100],"X Refsource CONFIRM","Third Party Advisory","WEB",{"url":102,"sources":103,"tags":104},"https://github.com/grafana/grafana/pull/45083",[87,81,96],[89,105,106,99,100],"Issue Tracking","Patch",{"url":108,"sources":109,"tags":110},"https://security.netapp.com/advisory/ntap-20220303-0005/",[87,81],[98,99],{"url":112,"sources":113,"tags":114},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/",[87,81],[92,115],"X Refsource FEDORA",{"url":117,"sources":118,"tags":119},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/",[87,81],[92,115],{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/",[87,81],[92,115],{"url":125,"sources":126,"tags":127},"https://nvd.nist.gov/vuln/detail/CVE-2022-21703",[96],[128],"Advisory",{"url":130,"sources":131,"tags":132},"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes",[96],[100],{"url":134,"sources":135,"tags":136},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D",[96],[100],{"url":138,"sources":139,"tags":140},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH",[96],[100],{"url":142,"sources":143,"tags":144},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ",[96],[100],{"url":146,"sources":147,"tags":148},"https://security.netapp.com/advisory/ntap-20220303-0005",[96],[100],[],{"date":151,"score":77,"percentile":152},"2026-06-04",0.83446,[154,157,160,163,166,169,172,175,178,181,184,187,189,192,195,199,202,205,208,211,214,217,220,222,224,227,230,234,238,241,243,246,249,252,255,258,261,264,267,270,273,276,278,281,284,287,290,293,296,299,301,304,307,310,314,317,320,323,326,329,331,334,337,340,343,346,349,352,355,358,360,362,365,368,371,374,377,379,381,384,387,390,393,396,398,401,404,407,409,413],{"date":155,"score":77,"percentile":156},"2025-11-04",0.82494,{"date":158,"score":77,"percentile":159},"2025-11-05",0.82498,{"date":161,"score":77,"percentile":162},"2025-11-06",0.82501,{"date":164,"score":77,"percentile":165},"2025-11-07",0.8251,{"date":167,"score":77,"percentile":168},"2025-11-08",0.82516,{"date":170,"score":77,"percentile":171},"2025-11-09",0.82512,{"date":173,"score":77,"percentile":174},"2025-11-10",0.82505,{"date":176,"score":77,"percentile":177},"2025-11-11",0.82514,{"date":179,"score":77,"percentile":180},"2025-11-12",0.82524,{"date":182,"score":77,"percentile":183},"2025-11-13",0.82527,{"date":185,"score":77,"percentile":186},"2025-11-14",0.82531,{"date":188,"score":77,"percentile":180},"2025-11-15",{"date":190,"score":77,"percentile":191},"2025-11-16",0.82528,{"date":193,"score":77,"percentile":194},"2025-11-17",0.82526,{"date":196,"score":197,"percentile":198},"2025-11-18",0.00628,0.6782,{"date":200,"score":197,"percentile":201},"2025-11-19",0.67827,{"date":203,"score":197,"percentile":204},"2025-11-20",0.67822,{"date":206,"score":77,"percentile":207},"2025-11-21",0.82538,{"date":209,"score":77,"percentile":210},"2025-11-22",0.8254,{"date":212,"score":77,"percentile":213},"2025-11-23",0.82533,{"date":215,"score":77,"percentile":216},"2025-11-24",0.82532,{"date":218,"score":77,"percentile":219},"2025-11-25",0.82529,{"date":221,"score":77,"percentile":219},"2025-11-26",{"date":223,"score":77,"percentile":186},"2025-11-27",{"date":225,"score":77,"percentile":226},"2025-11-28",0.82518,{"date":228,"score":77,"percentile":229},"2025-11-29",0.82522,{"date":231,"score":232,"percentile":233},"2025-11-30",0.01377,0.79682,{"date":235,"score":236,"percentile":237},"2025-12-01",0.00828,0.73867,{"date":239,"score":236,"percentile":240},"2025-12-02",0.73875,{"date":242,"score":236,"percentile":240},"2025-12-03",{"date":244,"score":232,"percentile":245},"2025-12-04",0.79686,{"date":247,"score":232,"percentile":248},"2025-12-05",0.79691,{"date":250,"score":232,"percentile":251},"2025-12-06",0.79694,{"date":253,"score":232,"percentile":254},"2025-12-07",0.79697,{"date":256,"score":232,"percentile":257},"2025-12-08",0.79701,{"date":259,"score":232,"percentile":260},"2025-12-09",0.79716,{"date":262,"score":232,"percentile":263},"2025-12-10",0.79742,{"date":265,"score":232,"percentile":266},"2025-12-11",0.79754,{"date":268,"score":232,"percentile":269},"2025-12-12",0.79772,{"date":271,"score":232,"percentile":272},"2025-12-13",0.79773,{"date":274,"score":232,"percentile":275},"2025-12-14",0.79774,{"date":277,"score":232,"percentile":269},"2025-12-15",{"date":279,"score":232,"percentile":280},"2025-12-16",0.79781,{"date":282,"score":232,"percentile":283},"2025-12-17",0.79791,{"date":285,"score":232,"percentile":286},"2025-12-18",0.7981,{"date":288,"score":232,"percentile":289},"2025-12-19",0.79819,{"date":291,"score":232,"percentile":292},"2025-12-20",0.79812,{"date":294,"score":232,"percentile":295},"2025-12-21",0.79804,{"date":297,"score":232,"percentile":298},"2025-12-22",0.79805,{"date":300,"score":232,"percentile":298},"2025-12-23",{"date":302,"score":232,"percentile":303},"2025-12-24",0.79821,{"date":305,"score":232,"percentile":306},"2025-12-25",0.79841,{"date":308,"score":232,"percentile":309},"2025-12-26",0.79837,{"date":311,"score":312,"percentile":313},"2025-12-27",0.01319,0.7947,{"date":315,"score":232,"percentile":316},"2025-12-28",0.79825,{"date":318,"score":232,"percentile":319},"2025-12-29",0.79822,{"date":321,"score":232,"percentile":322},"2025-12-30",0.79827,{"date":324,"score":232,"percentile":325},"2025-12-31",0.79839,{"date":327,"score":236,"percentile":328},"2026-01-01",0.74102,{"date":330,"score":236,"percentile":328},"2026-01-02",{"date":332,"score":236,"percentile":333},"2026-01-03",0.74104,{"date":335,"score":232,"percentile":336},"2026-01-04",0.79828,{"date":338,"score":232,"percentile":339},"2026-01-05",0.79826,{"date":341,"score":232,"percentile":342},"2026-01-06",0.7983,{"date":344,"score":232,"percentile":345},"2026-01-07",0.79835,{"date":347,"score":232,"percentile":348},"2026-01-08",0.79843,{"date":350,"score":232,"percentile":351},"2026-01-09",0.79845,{"date":353,"score":232,"percentile":354},"2026-01-10",0.79844,{"date":356,"score":232,"percentile":357},"2026-01-11",0.79836,{"date":359,"score":232,"percentile":303},"2026-01-12",{"date":361,"score":232,"percentile":289},"2026-01-13",{"date":363,"score":232,"percentile":364},"2026-01-14",0.7984,{"date":366,"score":232,"percentile":367},"2026-01-15",0.79842,{"date":369,"score":232,"percentile":370},"2026-01-16",0.79851,{"date":372,"score":232,"percentile":373},"2026-01-17",0.79859,{"date":375,"score":232,"percentile":376},"2026-01-18",0.7985,{"date":378,"score":232,"percentile":354},"2026-01-19",{"date":380,"score":232,"percentile":351},"2026-01-20",{"date":382,"score":232,"percentile":383},"2026-01-21",0.79853,{"date":385,"score":232,"percentile":386},"2026-01-22",0.79863,{"date":388,"score":232,"percentile":389},"2026-01-23",0.79892,{"date":391,"score":232,"percentile":392},"2026-01-24",0.79903,{"date":394,"score":232,"percentile":395},"2026-01-25",0.79893,{"date":397,"score":232,"percentile":389},"2026-01-26",{"date":399,"score":232,"percentile":400},"2026-01-27",0.79894,{"date":402,"score":232,"percentile":403},"2026-01-28",0.7989,{"date":405,"score":232,"percentile":406},"2026-01-29",0.79889,{"date":408,"score":232,"percentile":389},"2026-01-30",{"date":410,"score":411,"percentile":412},"2026-01-31",0.01791,0.8234,{"date":414,"score":415,"percentile":416},"2026-02-01",0.0108,0.7752,[418,424,434],{"source":87,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":419,"cvss_v4_0":9},{"baseScore":420,"baseSeverity":421,"vectorString":422,"impactScore":4,"exploitabilityScore":423},6.3,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",5.4,{"source":81,"cvss_v2_0":425,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":426,"baseSeverity":9,"vectorString":427,"impactScore":428,"exploitabilityScore":429},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":79,"baseSeverity":431,"vectorString":82,"impactScore":432,"exploitabilityScore":433},"HIGH",9.8,7.2,{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":426,"baseSeverity":9,"vectorString":436,"impactScore":437,"exploitabilityScore":438},"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",8.7,4.1,[440,452,471,496],{"ecosystem":9,"name":441,"vendor":442,"product":441,"cpe_part":443,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":444},"fedora","fedoraproject","o",[445,448,450],{"version":446,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34","cpe",{"version":449,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"version":451,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"ecosystem":453,"name":454,"vendor":455,"product":456,"cpe_part":9,"purl_type":457,"purl_namespace":455,"purl_name":456,"source":9,"versions":458},"Go","github.com/grafana/grafana/pkg/web","github.com/grafana/grafana/pkg","web","golang",[459,467],{"version":460,"is_range":461,"range_type":462,"version_start":463,"version_start_type":464,"version_end":465,"version_end_type":466,"fixed_in":9},"gte3_0_beta1_lt7_5_15",true,"semver","3.0-beta1","including","7.5.15","excluding",{"version":468,"is_range":461,"range_type":462,"version_start":469,"version_start_type":464,"version_end":470,"version_end_type":466,"fixed_in":9},"gte8_0_0_lt8_3_5","8.0.0","8.3.5",{"ecosystem":9,"name":472,"vendor":472,"product":472,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"grafana","a",[475,477,480,482,484,486,488,490,492,494],{"version":476,"is_range":461,"range_type":87,"version_start":463,"version_start_type":464,"version_end":465,"version_end_type":466,"fixed_in":9},">= 3.0-beta1, \u003C 7.5.15",{"version":478,"is_range":461,"range_type":447,"version_start":479,"version_start_type":464,"version_end":465,"version_end_type":466,"fixed_in":9},"gte3.0.1_lt7.5.15","3.0.1",{"version":481,"is_range":461,"range_type":447,"version_start":469,"version_start_type":464,"version_end":470,"version_end_type":466,"fixed_in":9},"gte8.0.0_lt8.3.5",{"version":483,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta1",{"version":485,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta2",{"version":487,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta3",{"version":489,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta4",{"version":491,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta5",{"version":493,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta6",{"version":495,"is_range":75,"range_type":447,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.0:beta7",{"ecosystem":9,"name":497,"vendor":498,"product":499,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"e-series performance analyzer","netapp","e-series_performance_analyzer",[501],{"version":502,"is_range":461,"range_type":447,"version_start":9,"version_start_type":9,"version_end":503,"version_end_type":466,"fixed_in":9},"lt3.0","3.0"]