CVE-2025-58746

Volkov · Volkov Labs Business Links panel for Grafana

Executive summary

A critical vulnerability exists in the Volkov Labs Business Links panel for Grafana, a tool used for dashboard navigation. This flaw could allow a malicious actor to execute arbitrary code within a user's web browser, potentially leading to the theft of session credentials and complete compromise of an administrator's account. Successful exploitation could grant an attacker full control over the Grafana instance, posing a severe risk to data confidentiality and integrity.

Vulnerability

The vulnerability is a stored Cross-Site Scripting (XSS) flaw within the Business Links panel. An attacker with permissions to edit a Grafana dashboard can inject a malicious script into a panel configuration, such as a custom link or dropdown menu item. When another user, particularly an administrator, views the dashboard containing the compromised panel, the malicious script executes in their browser, allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect them to a phishing site.

Business impact

This vulnerability is rated critical, with a CVSS score of 9. Exploitation could lead to a full compromise of the Grafana monitoring platform. The business impact includes potential unauthorized access to, and exfiltration of, sensitive business metrics, operational data, and system credentials displayed on dashboards. An attacker could also manipulate dashboard data to mislead operations teams, disrupt monitoring capabilities, or use the compromised Grafana instance as a pivot point to attack other internal systems, posing a significant risk to data confidentiality, integrity, and operational continuity.

Remediation

Immediate action: Update the Volkov Labs Business Links panel to version 2.4.0 or later on all Grafana instances to patch the vulnerability. After updating, review Grafana access logs and audit logs for any signs of suspicious activity or unauthorized changes to dashboards.

Proactive monitoring: Monitor Grafana logs for unusual or malformed HTML/JavaScript content within dashboard JSON models, and watch for unexpected actions performed by user accounts, such as sudden changes to permissions or data sources. Configure network monitoring to detect and alert on anomalous outbound connections from the Grafana server.

Compensating controls: If immediate patching is not feasible, implement the following controls:

  • Strictly limit permissions for editing dashboards to a small group of highly trusted administrators.
  • Deploy a Web Application Firewall (WAF) with rules designed to detect and block common XSS payloads.
  • Enforce a strict Content Security Policy (CSP) on the Grafana web server to prevent the execution of untrusted inline scripts.

Exploitation status

Public exploit available: No

Analyst recommendation

Given the critical CVSS score of 9, this vulnerability requires immediate attention. We strongly recommend that all affected instances of the Volkov Labs Business Links panel be updated to the latest version without delay. Although this CVE is not currently on the CISA KEV list, its high severity rating indicates a significant risk of account compromise and potential takeover of the entire monitoring environment. Prioritize patching this vulnerability to protect sensitive operational data and prevent its use as an entry point for broader network intrusion.