CVE-2022-4729: Graphite Web Template Name cross site scripting
First published: Sat Dec 24 2022(Updated: )
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216743.
Credit: cna@vuldb.com cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/graphite-web | <1.0.2+ | 1.0.2+ |
| ubuntu/graphite-web | <1.1.4-5ubuntu0.1 | 1.1.4-5ubuntu0.1 |
| ubuntu/graphite-web | <1.1.8-1ubuntu0.22.04.1 | 1.1.8-1ubuntu0.22.04.1 |
| ubuntu/graphite-web | <0.9.12+ | 0.9.12+ |
| ubuntu/graphite-web | <0.9.15+ | 0.9.15+ |
| debian/graphite-web | <=1.1.4-3+deb10u1 | 1.1.4-3+deb10u2 1.1.8-2 1.1.10-1 |
| Graphite |
Remedy
https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
- https://github.com/graphite-project/graphite-web/issues/2745
- https://github.com/graphite-project/graphite-web/pull/2785
- https://vuldb.com/?id.216743
- https://launchpad.net/bugs/cve/CVE-2022-4729
- https://security-tracker.debian.org/tracker/CVE-2022-4729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4729
- https://ubuntu.com/security/notices/USN-6243-1
- https://nvd.nist.gov/vuln/detail/CVE-2022-4729
- https://ubuntu.com/security/CVE-2022-4729
Frequently Asked Questions
What is the severity of CVE-2022-4729?
CVE-2022-4729 is classified as a problematic vulnerability that can lead to cross-site scripting.
How do I fix CVE-2022-4729?
To fix CVE-2022-4729, upgrade Graphite Web to the recommended versions specific to your Ubuntu or Debian distribution.
Which versions of Graphite Web are affected by CVE-2022-4729?
CVE-2022-4729 affects Graphite Web versions prior to 1.0.2+, 1.1.4-5ubuntu0.1, 1.1.8-1ubuntu0.22.04.1, 0.9.12+, and 0.9.15+ among others.
Is remote exploitation possible with CVE-2022-4729?
Yes, remote exploitation of CVE-2022-4729 is possible since the vulnerability can be triggered remotely.
What component is primarily affected by CVE-2022-4729?
CVE-2022-4729 primarily affects the Template Name Handler component of Graphite Web.
- collector/usn-cve
- collector/launchpad-cve
- collector/security-tracker-debian
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/ubuntu
- package-manager/debian
- vendor/graphite project
- canonical/graphite