Lucene search
RedHatRHSA-2023:5863HistoryOct 18, 2023 - 9:56 p.m.
(RHSA-2023:5863) Moderate: grafana security update
2023-10-1821:56:20
access.redhat.com
24
grafana
security update
moderate
cve-2023-39325
cve-2023-44487
http/2
ddos attack
0.72 High
EPSS
Percentile
98.0%
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
-
grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
-
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | s390x | grafana-debuginfo | < 7.5.15-5.el8_8 | grafana-debuginfo-7.5.15-5.el8_8.s390x.rpm |
| RedHat | 8 | x86_64 | grafana | < 7.5.15-5.el8_8 | grafana-7.5.15-5.el8_8.x86_64.rpm |
| RedHat | 8 | ppc64le | grafana-debuginfo | < 7.5.15-5.el8_8 | grafana-debuginfo-7.5.15-5.el8_8.ppc64le.rpm |
| RedHat | 8 | aarch64 | grafana | < 7.5.15-5.el8_8 | grafana-7.5.15-5.el8_8.aarch64.rpm |
| RedHat | 8 | x86_64 | grafana-debuginfo | < 7.5.15-5.el8_8 | grafana-debuginfo-7.5.15-5.el8_8.x86_64.rpm |
| RedHat | 8 | s390x | grafana | < 7.5.15-5.el8_8 | grafana-7.5.15-5.el8_8.s390x.rpm |
| RedHat | 8 | aarch64 | grafana-debuginfo | < 7.5.15-5.el8_8 | grafana-debuginfo-7.5.15-5.el8_8.aarch64.rpm |
| RedHat | 8 | ppc64le | grafana | < 7.5.15-5.el8_8 | grafana-7.5.15-5.el8_8.ppc64le.rpm |
Related
nessus
nessus
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:5721)
2023-10-17 00:00:00
RHEL 9 : grafana (RHSA-2023:5867)
2023-10-19 00:00:00
RHEL 9 : toolbox (RHSA-2023:6077)
2023-10-24 00:00:00
oraclelinux
oraclelinux
olcne security update
2023-12-07 00:00:00
conmon security update
2023-12-19 00:00:00
conmon security update
2023-12-19 00:00:00
almalinux
almalinux
Moderate: grafana security update
2023-10-18 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
Important: go-toolset:rhel8 security update
2023-10-16 00:00:00
redhat
redhat
osv
osv
Traefik vulnerable to HTTP/2 request causing denial of service
2023-10-17 02:37:42
Moderate: grafana security update
2023-10-24 18:35:47
Moderate: grafana security update
2023-10-18 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4069-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4068-1)
2024-03-04 00:00:00
Fedora: Security Advisory for golang (FEDORA-2023-4bf641255e)
2023-10-29 00:00:00
rocky
rocky
grafana security update
2023-10-24 18:35:47
toolbox security update
2023-11-11 23:00:15
go-toolset:rhel8 security update
2023-10-24 18:35:47
ubuntucve
ubuntucve
CVE-2023-44487
2023-10-10 00:00:00
CVE-2024-4438
2024-05-08 00:00:00
ibm
ibm
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)
2023-10-26 17:35:42
freebsd
freebsd
traefik -- Resource exhaustion by malicious HTTP/2 client
2023-10-10 00:00:00
redhatcve
redhatcve
github
github
Traefik vulnerable to HTTP/2 request causing denial of service
2023-10-17 02:37:42
amazon
amazon
Important: golang
2023-10-16 13:45:00
Important: golang
2023-10-16 13:45:00
Low: containerd
2023-11-10 17:32:00
cve
cve
CVE-2024-4438
2024-05-08 09:15:09
CVE-2023-6596
2024-04-25 16:15:10
fedora
fedora
[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39
2023-11-03 19:02:38
[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38
2023-10-29 01:34:45
[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37
2023-10-29 01:47:29
cvelist
cvelist
cbl_mariner
cbl_mariner
cgr
cgr
CVE-2023-39325 vulnerabilities
2024-05-19 03:07:16