Stored XSS in TraceView Panel
CVE ID: CVE-2023-0594
Date Published: 2023-02-28
Description:Grafana is an open-source platform for monitoring and observability.
Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization.
The stored XSS vulnerability was possible due the value of a span’s attributes/resources were not properly sanitized and this will be rendered when the span’s attributes/resources are expanded.
Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.