
Potential Open Redirect in Grafana Instance #894

@evandrosaturnino


Summary

Our public Grafana appears affected by CVE-2025-4123 (open redirect + client-side path traversal leading to XSS; when chained, can enable full-read SSRF). A crafted request to a static route returned a 302 redirect to an external destination. No payloads were executed; PoC withheld.
Reference: Grafana Labs.

Scope / Affected

Asset: Public Grafana monitoring dashboard: https://monitoring.threshold.network

Auth: Behavior reproducible without authentication.

Impact

Open redirect → phishing/session risk.

When chained (custom frontend plugin or Image Renderer installed), can lead to stored XSS and full‑read SSRF against internal services/metadata.

Remediation

  • Upgrade Grafana immediately to a patched release (or any later release).
  • If Image Renderer plugin is present, update to the fixed version or remove if unnecessary.
  • Disable anonymous access; require SSO.
  • Restrict public exposure (VPN/allowlist) and add WAF rules to block traversal/redirect patterns under /public (hardening).
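While the upgrade is being rolled out, the two observable signals in this report (a request under /public carrying a traversal sequence, and a static route answering with a 302) can be hunted for in request logs. The script below is an added example, not part of this issue or of Grafana; it parses constructed logfmt-style lines with assumed field names (method, path, status, remote_addr) and flags the two patterns. Adapt the field names to your actual Grafana request log format.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a logfmt style; the field names are assumed,
# not taken from real Grafana output.
SAMPLE_LOG = """\
t=2025-06-01T10:00:00Z level=info msg="Request Completed" method=GET path=/public/build/app.js status=200 remote_addr=10.0.0.5
t=2025-06-01T10:00:01Z level=info msg="Request Completed" method=GET path=/public/plugins/example/..%2F..%2Fsecret status=302 remote_addr=203.0.113.7
t=2025-06-01T10:00:02Z level=info msg="Request Completed" method=GET path=/api/health status=200 remote_addr=10.0.0.5
t=2025-06-01T10:00:03Z level=info msg="Request Completed" method=GET path=/public/img/logo.svg status=302 remote_addr=203.0.113.9
"""

# key=value pairs; values may be double-quoted (with escapes) or bare tokens
_LOGFMT_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
# ".." as a whole path segment, with either slash style as separator
_DOTDOT_SEGMENT = re.compile(r'(^|[/\\])\.\.([/\\]|$)')
STATIC_PREFIX = "/public/"


def parse_logfmt(line: str) -> dict:
    """Return the key=value fields of one logfmt-style line as a dict."""
    fields = {}
    for key, value in _LOGFMT_PAIR.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def decode_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences are also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path: str) -> bool:
    """True if the (fully decoded) path contains a '..' segment or a backslash."""
    decoded = decode_path(path)
    return "\\" in decoded or _DOTDOT_SEGMENT.search(decoded) is not None


def analyze(fields: dict) -> list:
    """Reasons a request to the static route prefix looks suspicious, if any."""
    path = fields.get("path", "")
    reasons = []
    if not path.startswith(STATIC_PREFIX):
        return reasons
    if is_traversal(path):
        reasons.append("traversal sequence under /public")
    # Static assets should be served directly; a redirect from /public is
    # exactly the behaviour observed in the report.
    if fields.get("status") == "302":
        reasons.append("redirect from static route")
    return reasons


def scan(log_text: str) -> list:
    """Return one finding per flagged request: remote address, path and reasons."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_logfmt(line)
        reasons = analyze(fields)
        if reasons:
            findings.append({
                "remote_addr": fields.get("remote_addr", "?"),
                "path": fields.get("path", ""),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["remote_addr"], finding["path"], "; ".join(finding["reasons"]))
```

A 302 from /public is the cheaper of the two checks to run continuously: once the instance is on a patched release, any recurrence of that signal is worth a second look regardless of what the path contains.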
