Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : grafana-9.0.9-3.el9 (AXSA:2023-6225:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6225:07 advisory. grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 Tenable has extracted the preceding description block directly from the MiracleLin...

9.8CVSS8.2AI score0.04094EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/02/18 12:0 a.m.12 views

openSUSE Security Advisory (SUSE-SU-2025:0545-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.04094EPSS
Exploits3References15
SUSE Linux
SUSE Linux
added 2025/02/14 7:24 a.m.5 views

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...

9.4CVSS8.3AI score0.04094EPSS
Exploits3References26
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.16 views

openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)

The remote host is missing an update for the Linux Kernel RT Live Patch 0 for SLE 15 SP5 packages announced via the SUSE-SU-2023:3136-1 advisory. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

9.8CVSS7.4AI score0.04094EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.22 views

CentOS 9 : grafana-9.2.10-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the grafana-9.2.10-4.el9 build changelog. - account takeover possible when using Azure AD OAuth CVE-2023-3128 Note that Nessus has not tested for this issue but has instead relied only on t...

9.8CVSS8.5AI score0.04094EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.57 views

Oracle Linux 8 : grafana (ELSA-2023-6972)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6972 advisory. - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - resolve CVE-2023-3128 grafana: account takeover possible when using Azure...

9.8CVSS7.8AI score0.99999EPSS
Exploits34References2
RedHat Linux
RedHat Linux
added 2023/11/14 3:53 p.m.46 views

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS7.4AI score0.04094EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2023/11/14 12:0 a.m.34 views

Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

9.8CVSS7AI score0.04094EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.35 views

Oracle Linux 9 : grafana (ELSA-2023-4030)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-4030 advisory. 9.0.9-3 - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations rhbz2213701 rhbz2213626 Tenable has extracted the preceding description blo...

9.8CVSS8.5AI score0.04094EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2023/07/19 12:0 a.m.29 views

grafana security update

9.0.9-3 - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations rhbz2213701 rhbz2213626...

9.8CVSS7.1AI score0.04094EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.22 views

Rocky Linux 9 : grafana (RLSA-2023:4030)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4030 advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to...

9.8CVSS8.4AI score0.04094EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/07/12 3:48 a.m.35 views

Critical: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS7.5AI score0.04094EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/12 12:0 a.m.36 views

RHEL 9 : grafana (RHSA-2023:4030)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4030 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeov...

9.8CVSS8.5AI score0.04094EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/06/27 5:35 a.m.66 views

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been...

9.8CVSS8.8AI score0.99815EPSS
Exploits17
Tenable Nessus
Tenable Nessus
added 2023/06/25 12:0 a.m.44 views

FreeBSD : Grafana -- Account takeover / authentication bypass (fdbe9aec-118b-11ee-908a-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fdbe9aec-118b-11ee-908a-6c3be5272acd advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email fiel...

9.8CVSS8.4AI score0.04094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/06/24 1:47 a.m.3 views

SUSE CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

9.4CVSS9.6AI score0.04094EPSS
Exploits0References14
Circl
Circl
added 2023/06/23 12:27 a.m.5 views

CVE-2023-3128

creationtimestamp| type| source ---|---|--- 2023-06-23 00:27:51+00:00| seen| https://t.me/cibsecurity/65437 2023-07-06 08:19:47+00:00| published-proof-of-concept| https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp 2026-06-30 10:51:46+00:00| seen|...

9.8CVSS7.5AI score0.04094EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/22 9:15 p.m.22 views

CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

9.8CVSS7.2AI score0.04094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/22 8:14 p.m.18 views

CVE-2023-3128

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

9.4CVSS7AI score0.04094EPSS
Exploits0References3
CVE
CVE
added 2023/06/22 8:14 p.m.248 views

CVE-2023-3128

CVE-2023-3128 affects Grafana when using Azure AD OAuth with multi-tenant apps. The issue arises because the Azure AD profile email field is not unique and can be modified, allowing an attacker to bypass authentication and potentially take over accounts by exploiting how Grafana validates Azure A...

9.8CVSS9.6AI score0.04094EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder