TencentOS Server 4: grafana (TSSA-2024:0906)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0906 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

OESA-2024-2260 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attemp...

GHSA-GJ7M-853R-289R Grafana when using email as a username can block other users from signing in

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

Grafana when using email as a username can block other users from signing in

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39229 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : grafana (ELSA-2023-2784)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2784 advisory. - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle...

grafana security update

7.5.15-4 - resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY - resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps - resolve...

AlmaLinux 8 : grafana (ALSA-2023:2784)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2784 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 8 : grafana (RHSA-2023:2784)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2784 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang:...

ALSA-2023:2784 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

grafana security and enhancement update

9.0.9-2 - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from...

AlmaLinux 9 : grafana (ALSA-2023:2167)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2167 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2023:2167 Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

SUSE: Security Advisory (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

FreeBSD : Grafana -- Improper authentication (909a80ba-6294-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 909a80ba-6294-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior t...

CVE-2022-39229

A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email...

CVE-2022-39229

creationtimestamp| type| source ---|---|--- 2022-10-14 02:28:21+00:00| seen| https://t.me/cibsecurity/51378...