Oracle Linux ELSA-2023-2784
May 24, 2023 - 12:00 a.m.

grafana security update

2023-05-24 00:00:00
linux.oracle.com

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
  Percentile: 56.2%

[7.5.15-4]

  • resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
  • resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
  • resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
  • resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • run integration tests in check phase
  • update FIPS patch with latest changes in Go packaging
