Lucene search

11 matches found

OSV
added 2024/10/18 11:9 a.m. | 4 views

OESA-2024-2260 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attemp...

CVSS 4.3 | AI score 6.9 | EPSS 0.00056
Exploits 0 | References 2
OSV
added 2024/06/12 7:41 p.m. | 1 views

GHSA-4VC8-PG5C-VG4X Keycloak's improper input validation allows using email as username

Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the inability to reset/login with email for the user. This is caused by usernames being evaluated before emails...

CVSS 3.7 | AI score 5.9 | EPSS 0.12319
Exploits 1 | References 6
SUSE CVE
added 2024/06/04 12:40 p.m. | 1 views

SUSE CVE-2022-39229

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user's username and email address are unique fields, th...

CVSS 3.3 | AI score 7.3 | EPSS 0.00056
Exploits 0 | References 9
BDU FSTEC
added 2024/04/05 12:0 a.m. | 1 views

The vulnerability of the Grafana monitoring and observation platform lies in its parallel execution, which occurs when using a shared resource with incorrect synchronization. This allows attackers to escalate their privileges.

The vulnerability of the Grafana monitoring and observation platform relates to the registration of another person’s email address as a user name. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

CVSS 8.1 | AI score 7.4 | EPSS 0.04279
Exploits 0 | References 3 | Affected Software 2
BDU FSTEC
added 2024/04/05 12:0 a.m. | 1 views

The vulnerability of the Grafana monitoring and observation platform, related to incorrect authentication, allows attackers to block attempts to access the system.

The vulnerability of the Grafana monitoring and observation platform lies in the registration of another person’s email address as a user name. Exploiting this vulnerability could allow a malicious actor to block attempts to access the system remotely...

CVSS 4.3 | AI score 6.7 | EPSS 0.00056
Exploits 0 | References 5 | Affected Software 2
OSV
added 2022/10/13 11:15 p.m. | 1 views

UBUNTU-CVE-2022-39229

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user’s username and email address are unique fields, th...

CVSS 4.3 | AI score 6.8 | EPSS 0.00056
Exploits 0 | References 5
Grafana
added 2022/10/12 12:0 a.m. | 2 views

Using email as a username can block other users from signing in

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’s email address as a username. A Grafana user’s username and email address are unique fields, th...

CVSS 4.3 | AI score 6.8 | EPSS 0.00056
Exploits 0
CNNVD
added 2022/10/12 12:0 a.m. | 1 views

Grafana authorization issue vulnerability

Grafana is Grafana Labs' open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. A denial-of-service vulnerability exists in Grafana versions prior to 8.5.14, 9.0.0 and...

CVSS 4.3 | AI score 6.7 | EPSS 0.00056
Exploits 0 | References 8
OSV
added 2022/03/31 7:15 p.m. | 1 views

UBUNTU-CVE-2021-37517

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00356
Exploits 0 | References 3
CNNVD
added 2022/03/31 12:0 a.m. | 1 views

Dolibarr ERP/CRM security vulnerability

Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A security vulnerability exists in Dolibarr ERP/CRM 13.0.2,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00356
Exploits 0 | References 2
Positive Technologies
added 2007/11/20 12:0 a.m. | 3 views

PT-2007-6975 · Oracle · Javamail

Name of the Vulnerable Software and Affected Versions: Javamail (affected versions not specified)
Description: The issue arises when Javamail fails to properly handle a series of invalid login attempts where the same e-mail address is used as both the username and password. Specifically, if the...

CVSS 5 | AI score 7.3 | EPSS 0.00942
Exploits 1 | References 4