20 matches found
MiracleLinux 9 : grafana-9.0.9-3.el9 (AXSA:2023-6225:07)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6225:07 advisory. grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 Tenable has extracted the preceding description block directly from the MiracleLin...
openSUSE Security Advisory (SUSE-SU-2025:0545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
The remote host is missing an update for the Linux Kernel RT Live Patch 0 for SLE 15 SP5 packages announced via the SUSE-SU-2023:3136-1 advisory. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
CentOS 9 : grafana-9.2.10-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the grafana-9.2.10-4.el9 build changelog. - account takeover possible when using Azure AD OAuth CVE-2023-3128 Note that Nessus has not tested for this issue but has instead relied only on t...
Oracle Linux 8 : grafana (ELSA-2023-6972)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6972 advisory. - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - resolve CVE-2023-3128 grafana: account takeover possible when using Azure...
Moderate: Red Hat Security Advisory: grafana security and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: grafana security and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Oracle Linux 9 : grafana (ELSA-2023-4030)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-4030 advisory. 9.0.9-3 - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations rhbz2213701 rhbz2213626 Tenable has extracted the preceding description blo...
grafana security update
9.0.9-3 - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations rhbz2213701 rhbz2213626...
Rocky Linux 9 : grafana (RLSA-2023:4030)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4030 advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to...
Critical: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 9 : grafana (RHSA-2023:4030)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4030 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: account takeov...
New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been...
FreeBSD : Grafana -- Account takeover / authentication bypass (fdbe9aec-118b-11ee-908a-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fdbe9aec-118b-11ee-908a-6c3be5272acd advisory. - Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email fiel...
SUSE CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
CVE-2023-3128
creationtimestamp| type| source ---|---|--- 2023-06-23 00:27:51+00:00| seen| https://t.me/cibsecurity/65437 2023-07-06 08:19:47+00:00| published-proof-of-concept| https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp 2026-06-30 10:51:46+00:00| seen|...
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
CVE-2023-3128
CVE-2023-3128 affects Grafana when using Azure AD OAuth with multi-tenant apps. The issue arises because the Azure AD profile email field is not unique and can be modified, allowing an attacker to bypass authentication and potentially take over accounts by exploiting how Grafana validates Azure A...