CVE-2023-4399 MEDIUM

Vendor Grafana
Product Grafana Enterprise
Weakness CWE-183
Published October 17, 2023
Last update February 13, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01 Description

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that lets admins configure Grafana so that the instance doesn’t call specific hosts. However, the restriction can be bypassed by using punycode encoding of the characters in the request address.

Key dates

02 Disclosure timeline

October 17, 2023 CVE published
February 13, 2025 Record updated
