Grafana Email addresses and usernames can not be trusted (GHSA-2X6G-H2HG-RQ84)
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate-severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...
Grafana < 8.5.15, 9 < 9.2.4 Multiple Vulnerabilities
Grafana is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Default credentials
Grafana is an open-source platform for monitoring and observability. When the "forgot password" link on the login page is used, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, the JSON response contains a "user not found" message. This leaks...
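The entry above describes the classic shape of an account-enumeration bug: one branch of a password-reset endpoint answers differently when the login does not exist. The following example is added here and is not Grafana's code; it models a reset handler with a constructed in-memory user store, shows the leaking branch beside a constant-response version, and includes the two-probe differential check a tester would run against such an endpoint.

```python
import json

# Constructed user store (not a real deployment): login name -> email address.
USERS = {"alice": "alice@example.org", "bob": "bob@example.org"}

# Records which users a reset mail was queued for; stands in for a mailer.
SENT = []


def find_user(login):
    """Look up an account by username or email, the way a login form usually does."""
    key = login.strip().lower()
    for name, email in USERS.items():
        if key in (name, email):
            return name
    return None


def reset_vulnerable(login):
    """Leaks account existence: status code and message differ per branch.

    Returns (http_status, json_body), mirroring what a client would observe.
    """
    user = find_user(login)
    if user is None:
        return 404, {"message": "user not found"}
    queue_reset_mail(user)
    return 200, {"message": "Email sent"}


# One fixed answer for every request, so the response carries no information.
GENERIC = {"message": "If that account exists, a password reset email has been sent."}


def reset_hardened(login):
    """Same status and body whether or not the account exists.

    The only difference between the two cases is a side effect (the queued
    mail) that the requesting client never sees. Response time must also be
    kept similar, e.g. by queueing the mail asynchronously rather than
    sending it inline.
    """
    user = find_user(login)
    if user is not None:
        queue_reset_mail(user)
    return 200, dict(GENERIC)


def queue_reset_mail(user):
    """Hypothetical mailer hook: just records the recipient for this example."""
    SENT.append(user)


def leaks_existence(handler, known, unknown):
    """Differential check: probe once with a login known to exist and once with a
    made-up one. Any visible difference in status or body means the endpoint
    enumerates accounts."""
    s1, b1 = handler(known)
    s2, b2 = handler(unknown)
    return (s1, json.dumps(b1, sort_keys=True)) != (s2, json.dumps(b2, sort_keys=True))
```

Run `leaks_existence(reset_vulnerable, "alice", "mallory")` and the vulnerable handler is flagged; the hardened one is not. Against a live service the same comparison should also cover response headers and timing, which a body-only diff does not see.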
UBUNTU-CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
Atlassian Jira Input Validation Error Vulnerability
Atlassian Jira is an issue and defect tracking system from Atlassian (Australia). It is mainly used to track and manage all kinds of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server that allows remote attackers to redirect users to malicious URLs...
Atlassian Jira < 8.5.15 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.15, 8.6.x prior to 8.13.7, or 8.14.x prior to 8.17.0. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability in the CardLayoutConfigTable componen...
Vulnerabilities fixed in Atlassian Jira
Atlassian has fixed vulnerabilities in Jira Server. A remote malicious party could exploit the vulnerabilities to perform a cross-site scripting (XSS) attack. Such an attack can result in the execution of arbitrary code in the context of the victim's browser. Atlassian has released updates to addre...
Reverse tabnabbing via Project Shortcuts feature - CVE-2021-39112
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnabbing vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0...
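Reverse tabnabbing works because a page opened with target="_blank" keeps a window.opener handle to the page that opened it and can navigate that tab elsewhere; the standard mitigation is rel="noopener" (rel="noreferrer" implies it) on every link that opens a new tab. The example below is added here and is not Atlassian's fix for CVE-2021-39112: it is an audit that walks a constructed shortcuts list, reports the links still exposed, and shows a link renderer that emits the safe attributes.

```python
from html import escape
from html.parser import HTMLParser


class TabnabbingAuditor(HTMLParser):
    """Collects the href of every <a target="_blank"> whose rel attribute
    carries neither noopener nor noreferrer."""

    def __init__(self):
        super().__init__()
        self.unsafe = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        # html.parser yields None for valueless attributes; normalise to "".
        a = {k: (v or "") for k, v in attrs}
        if a.get("target", "").lower() != "_blank":
            return
        rel = set(a.get("rel", "").lower().split())
        if not ({"noopener", "noreferrer"} & rel):
            self.unsafe.append(a.get("href", ""))


def audit_links(html):
    """Return the hrefs of links in `html` that would hand window.opener to the target page."""
    p = TabnabbingAuditor()
    p.feed(html)
    p.close()
    return p.unsafe


def render_shortcut(name, href):
    """Hardened renderer for a user-supplied shortcut: escapes both values and
    always sets rel="noopener noreferrer" alongside target="_blank"."""
    return (f'<a href="{escape(href, quote=True)}" target="_blank" '
            f'rel="noopener noreferrer">{escape(name)}</a>')


# Constructed sample resembling a project shortcuts list; the URLs are made up.
SAMPLE = """
<ul class="project-shortcuts">
  <li><a href="https://docs.example/" target="_blank">Docs</a></li>
  <li><a href="https://wiki.example/" target="_blank" rel="noopener">Wiki</a></li>
  <li><a href="https://ci.example/" target="_BLANK" rel="nofollow">Build</a></li>
  <li><a href="/browse/PROJ">Issues</a></li>
</ul>
"""
```

`audit_links(SAMPLE)` flags the Docs and Build links; the Wiki link carries noopener and the Issues link opens in the same tab, so neither can be abused this way. Current browsers already treat target="_blank" as noopener by default, but the attribute is still needed for older browsers and for `window.open` calls, which is why the renderer always emits it.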
Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation
Drupal 8.x < 8.5.15 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Several flaws exist in the third-party Symfony PHP framework. - A flaw exists in the third-party jQuery JavaScript library. Note that the scanner has not tested for these issues but...
Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Windows
Drupal is prone to a cross-site scripting vulnerability in jQuery. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:drupal:drupal"...
KYOCERA Net Admin 3.4 Cross Site Request Forgery
KYOCERA Net Admin 3.4 CSRF Add Admin Exploit: <input type="hidden" name="addUserForm:lo...
Apache Tomcat 8.5.0 < 8.5.15
The version of Tomcat installed on the remote host is prior to 8.5.15. It is, therefore, affected by a vulnerability as referenced in the "Fixed in Apache Tomcat 8.5.15" section of the Tomcat security-8 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...
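Several entries on this page (the Jira, Grafana and Tomcat scanner checks) decide exposure purely from a self-reported version string against branch-specific ranges, and getting the branch boundaries wrong is a common source of false results. The following example is added here and is not the code of any scanner or vendor named above; it encodes the ranges exactly as the entries state them (each range is lower-bound inclusive, fixed version exclusive; "0" marks the start of the product's history) and reports which range, if any, a reported version falls in.

```python
import re


def parse_version(v):
    """'8.13.7' -> (8, 13, 7). A trailing qualifier such as '-beta1' is ignored;
    only the dotted numeric prefix matters for these advisories."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def version_lt(a, b):
    """Numeric, component-wise comparison; shorter tuples are zero-padded so
    that '8.5' compares as 8.5.0 rather than as a string."""
    x, y = parse_version(a), parse_version(b)
    n = max(len(x), len(y))
    return x + (0,) * (n - len(x)) < y + (0,) * (n - len(y))


# (affected_from, fixed_in) pairs transcribed from the advisories on this page.
ADVISORIES = {
    # Jira: before 8.5.15, 8.6.x before 8.13.7, 8.14.x before 8.17.0
    "jira": [("0", "8.5.15"), ("8.6.0", "8.13.7"), ("8.14.0", "8.17.0")],
    # Grafana: before 9.2.4, or 8.5.15 on the 8.x branch
    "grafana": [("0", "8.5.15"), ("9.0.0", "9.2.4")],
    # Tomcat: 8.5.0 before 8.5.15
    "tomcat": [("8.5.0", "8.5.15")],
}


def affected_range(product, version):
    """Return the (from, fixed_in) range the version falls in, or None if the
    version is at or beyond the fix on its branch (or outside any listed branch)."""
    for lo, hi in ADVISORIES[product]:
        if not version_lt(version, lo) and version_lt(version, hi):
            return (lo, hi)
    return None


def is_affected(product, version):
    return affected_range(product, version) is not None
```

`affected_range("jira", "8.13.6")` returns the 8.6.x range with its fix 8.13.7, while 8.5.15, 8.13.7 and 8.17.0 all come back clean; Tomcat 8.0.x is outside the listed branch and so is not reported. The usual caveat applies to any version-based check: distribution packages (compare the UBUNTU-CVE-2022-39306 entry above) frequently backport fixes without bumping the upstream version string, so a match here is a lead to confirm, not proof of exposure.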