12 matches found
MiracleLinux 8 : grafana-9.2.10-7.el8.ML.1 (AXSA:2023-7309:12)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7309:12 advisory. grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 Tenable has extracted the preceding description block directly from the MiracleLin...
CentOS 9 : grafana-9.2.10-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the grafana-9.2.10-4.el9 build changelog. - account takeover possible when using Azure AD OAuth CVE-2023-3128 Note that Nessus has not tested for this issue but has instead relied only on t...
grafana security and enhancement update
9.2.10-7 - resolve RHEL-12649 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing is turned off due to test failures caused by testing date mismatch 9.2.10-6 - Add /usr/share/grafana to systemd-sysusers --replace 9.2.10-5 - resolve CVE-2023-3128 grafana:...
Moderate: Red Hat Security Advisory: grafana security and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2023:6972 Moderate: grafana security and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: grafana security and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
SUSE-SU-2023:2916-1 Security update for grafana
This update fixes the following issues: grafana: - Update to version 9.5.5: CVE-2023-3128: Fix authentication bypass using Azure AD OAuth bsc1212641, jscPED-3694 Bug fixes: Auth: Show invite button if disable login form is set to false. Azure: Fix Kusto auto-completion for Azure datasources. RBAC...
RLSA-2023:4030 Critical: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
grafana security update
An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...
Critical: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
AlmaLinux 9 : grafana (ALSA-2023:4030)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:4030 advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to...
Critical: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...