Lucene search
OracleLinuxELSA-2023-2167HistoryMay 15, 2023 - 12:00 a.m.
grafana security and enhancement update
2023-05-1500:00:00
linux.oracle.com
16
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
61.3%
[9.0.9-2]
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
[9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
[9.0.8-2] - bump NVR
[9.0.8-1] - update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | grafana | < 9.0.9-2.el9 | grafana-9.0.9-2.el9.src.rpm |
| oracle linux | 9 | aarch64 | grafana | < 9.0.9-2.el9 | grafana-9.0.9-2.el9.aarch64.rpm |
| oracle linux | 9 | src | grafana | < 9.0.9-2.el9 | grafana-9.0.9-2.el9.src.rpm |
| oracle linux | 9 | x86_64 | grafana | < 9.0.9-2.el9 | grafana-9.0.9-2.el9.x86_64.rpm |
Related
osv
osv
Moderate: grafana security and enhancement update
2023-05-09 00:00:00
Moderate: grafana security update
2023-05-16 00:00:00
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-16 00:00:00
nessus
nessus
AlmaLinux 9 : grafana (ALSA-2023:2167)
2023-05-14 00:00:00
Oracle Linux 9 : grafana (ELSA-2023-2167)
2023-05-15 00:00:00
RHEL 9 : grafana (RHSA-2023:2167)
2023-05-13 00:00:00
redhat
redhat
(RHSA-2023:2167) Moderate: grafana security and enhancement update
2023-05-09 05:02:10
(RHSA-2023:2784) Moderate: grafana security update
2023-05-16 05:54:36
(RHSA-2023:0708) Moderate: Release of OpenShift Serverless Client kn 1.27.0
2023-02-09 09:22:38
almalinux
almalinux
Moderate: grafana security and enhancement update
2023-05-09 00:00:00
Moderate: grafana security update
2023-05-16 00:00:00
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-09 00:00:00
oraclelinux
oraclelinux
grafana security update
2023-05-24 00:00:00
Image Builder security, bug fix, and enhancement update
2023-05-15 00:00:00
Image Builder security, bug fix, and enhancement update
2023-05-24 00:00:00
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.7-alt1
2022-10-18 00:00:00
suse
suse
Security update for go1.18 (important)
2022-10-20 00:00:00
Security update for go1.19 (important)
2022-10-20 00:00:00
openvas
openvas
Fedora: Security Advisory for golang (FEDORA-2022-59a20edab2)
2022-10-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3669-1)
2022-10-20 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1505)
2023-03-09 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0273
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0273
2022-11-02 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-10-04 00:00:00
rocky
rocky
go-toolset and golang security and bug fix update
2023-01-23 14:30:17
go-toolset:rhel8 security and bug fix update
2023-01-25 08:59:15
fedora
fedora
[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37
2022-10-17 22:55:43
[SECURITY] Fedora 37 Update: grafana-9.0.9-1.fc37
2022-09-27 00:16:46
veracode
veracode
Authentication Bypass
2022-10-17 08:35:54
Privilege Escalation
2022-09-21 07:49:44
Denial Of Service (DoS)
2022-10-14 04:05:34
mageia
mageia
Updated golang packages fix security vulnerability
2022-10-19 02:14:56
alpinelinux
alpinelinux
cnvd
cnvd
Grafana Denial of Service Vulnerability
2022-10-14 00:00:00
prion
prion
Design/Logic Flaw
2022-10-13 23:15:00
Design/Logic Flaw
2022-09-20 23:15:00
Memory corruption
2022-10-14 15:16:00
cve
cve
cgr
cgr
CVE-2022-39229 vulnerabilities
2024-04-27 03:20:18
CVE-2022-35957 vulnerabilities
2024-04-27 03:20:18
redhatcve
redhatcve
ubuntucve
ubuntucve
cbl_mariner
cbl_mariner
CVE-2022-41715 affecting package golang for versions less than 1.19.5-1
2024-02-25 03:00:06
CVE-2022-41715 affecting package golang 1.17.13-2
2024-04-26 21:08:17
CVE-2022-27664 affecting package golang 1.17.13-2
2024-04-26 21:08:17
debiancve
debiancve
github
github
golang.org/x/net/http2 Denial of Service vulnerability
2022-09-07 00:01:51
wolfi
wolfi
CVE-2022-27664 vulnerabilities
2024-04-27 03:16:47
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
61.3%
Related for ELSA-2023-2167