Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 6.7.4. BZ1807323 Security Fixes: grafana: XSS vulnerability via a column style on the "Dashboard Table Panel...

Fedora: Security Advisory for grafana (FEDORA-2020-e6e81a03d6)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 32 Update: grafana-6.7.4-1.fc32

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

[SECURITY] Fedora 31 Update: grafana-6.7.4-1.fc31

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

[SECURITY] Fedora 32 Update: grafana-6.7.3-1.fc32

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

[SECURITY] Fedora 31 Update: grafana-6.7.3-1.fc31

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

Stored Cross-Site Scripting Vulnerability in Graphite Document Personal and Enterprise Editions

Graphite Document is an enterprise office service software that supports real-time collaboration in the cloud with features analogous to Google Docs and Quip, which enables multiple people to edit and discuss in real time on the same document and form at the same time, with a synchronized respons...

Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Mail.ru: MCS Graphite SSRF: internal network access

Blind SSRF in mcs.mail.ru via unpatched Graphite...

SUSE-SU-2019:2803-1 Security update for graphite-web

This update for graphite-web fixes the following issues: - CVE-2017-18638: Fixed an SSRF vulnerability in sendemail bsc1154007...

GHSA-VFJ6-275Q-4PVM graphite.composer.views.send_email vulnerable to SSRF

Impact sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and the...

graphite.composer.views.send_email vulnerable to SSRF

Impact sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and the...

Debian: Security Advisory (DLA-1962-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1962-1 : graphite-web security update

The 'sendemail' function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent...

[SECURITY] [DLA 1962-1] graphite-web security update

Package : graphite-web Version : 0.9.12+debian-6+deb8u1 CVE ID : CVE-2017-18638 The sendemail function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource...

DLA-1962-1 graphite-web - security update

Bulletin has no description...

Server-Side Request Forgery (SSRF)

graphite-web is vulnerable to server-side request forgery SSRF. The sendemail function in graphite-web/webapp/graphite/composer/views.py can be used by an attacker to send a request on behalf of the Graphite web server. The corresponding response from the SSRF request is encoded into an image fil...

CVE-2017-18638

sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...

DEBIAN-CVE-2017-18638

sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...

CVE-2017-18638

sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...