10 matches found
SUSE CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
NewStart CGSL MAIN 6.02 : grafana Multiple Vulnerabilities (NS-SA-2022-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has grafana packages installed that are affected by multiple vulnerabilities: - Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. CVE-2020-24303 - A signature verification vulnerability exists in...
Oracle Linux 8 : grafana (ELSA-2021-1859)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1859 advisory. 7.3.6-2 - change working dir to in grafana-cli wrapper fixes Red Hat BZ 1916083 - add pcp-redis-datasource to allow_loading_unsigned_plugins config option...
RHEL 8 : grafana (RHSA-2021:1859)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1859 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have be...
Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Fedora: Security Advisory for grafana (FEDORA-2020-968067abfa)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : grafana (2020-968067abfa)
update to upstream 7.3.6 Note regarding CVE-2020-27846: SAML is not supported in the open source version of Grafana, however the dependency on crewjam/saml is also present in the open source version. This update removes this dependency altogether. Note that Tenable Network Security has extracted...
Fedora 33 : grafana (2020-64e54abd9f)
update to upstream 7.3.6 Note regarding CVE-2020-27846: SAML is not supported in the open source version of Grafana, however the dependency on crewjam/saml is also present in the open source version. This update removes this dependency altogether. Note that Tenable Network Security has extracted...
CVE-2020-27846
CVE-2020-27846 is a signature verification vulnerability in crewjam/saml that can allow bypass of SAML authentication. The issue affects Grafana deployments including affected Grafana versions referenced in multiple advisories (e.g., Red Hat RHSA-2021:1859) and is scored with a high/critical impa...