CVE-2022-4728: Graphite Web Cookie cross site scripting
First published: Sat Dec 24 2022(Updated: )
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. VDB-216742 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/graphite-web | <1.0.2+ | 1.0.2+ |
| ubuntu/graphite-web | <1.1.4-5ubuntu0.1 | 1.1.4-5ubuntu0.1 |
| ubuntu/graphite-web | <1.1.8-1ubuntu0.22.04.1 | 1.1.8-1ubuntu0.22.04.1 |
| ubuntu/graphite-web | <0.9.12+ | 0.9.12+ |
| ubuntu/graphite-web | <0.9.15+ | 0.9.15+ |
| debian/graphite-web | <=1.1.4-3+deb10u1 | 1.1.4-3+deb10u2 1.1.8-2 1.1.10-1 |
| Graphite2 |
Remedy
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
- https://github.com/graphite-project/graphite-web/issues/2744
- https://github.com/graphite-project/graphite-web/pull/2785
- https://vuldb.com/?id.216742
- https://launchpad.net/bugs/cve/CVE-2022-4728
- https://security-tracker.debian.org/tracker/CVE-2022-4728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4728
- https://ubuntu.com/security/notices/USN-6243-1
- https://nvd.nist.gov/vuln/detail/CVE-2022-4728
- https://ubuntu.com/security/CVE-2022-4728
Frequently Asked Questions
What is the severity of CVE-2022-4728?
CVE-2022-4728 is classified as a problematic vulnerability with potential for cross-site scripting attacks.
Which versions of Graphite Web are affected by CVE-2022-4728?
CVE-2022-4728 affects specific versions of Graphite Web including versions prior to 1.0.2+ and 1.1.4-5ubuntu0.1 among others.
How can I fix CVE-2022-4728?
To resolve CVE-2022-4728, upgrade Graphite Web to the latest advised version recommended for your distribution.
Can the CVE-2022-4728 vulnerability be exploited remotely?
Yes, CVE-2022-4728 allows for remote exploitation through cross-site scripting.
What component of Graphite Web does CVE-2022-4728 affect?
CVE-2022-4728 affects the Cookie Handler component of Graphite Web.
- collector/usn-cve
- collector/launchpad-cve
- collector/security-tracker-debian
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-cve
- package-manager/ubuntu
- package-manager/debian
- vendor/graphite project
- canonical/graphite2