6 matches found
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...
SUSE: Security Advisory (SUSE-SU-2022:4428-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2022-1711 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way s...
Grafana Datasource Network Restriction Bypass Vulnerability (GHSA-9rrr-6fq2-4f99)
Grafana is prone to a datasource network restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2022-29170 Grafana Enterprise datasource network restrictions bypass via HTTP redirects
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...
CVE-2022-29170
Grafana Enterprise contains a vulnerability where, if the Request security allow list is used and a custom datasource returns an HTTP redirect to a forbidden host, Grafana could blindly follow redirects and expose secure information. Affected versions run from 7.4.0-beta1 up to, but not including...