12 matches found
Grafana API IDOR
Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5....
Important: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2022:8057 Important: grafana security, bug fix, and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.15. BZ2055349 Security Fixes: sanitize-url: XSS due to improper sanitization in sanitizeUrl function...
CentOS 8 : grafana (CESA-2022:7519)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:7519 advisory. - sanitize-url: XSS due to improper sanitization in sanitizeUrl function CVE-2021-23648 - golang: net/http: improper sanitization of Transfer-Encoding...
Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE: Security Advisory (SUSE-SU-2022:2134-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for SUSE (SUSE-SU-2022:1396-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security fix for the ALT Linux 10 package grafana version 8.5.0-alt1
8.5.0-alt1 built May 5, 2022 Alexey Shabalin in task 299382 April 26, 2022 Alexey Shabalin - 8.5.0 - Use pre-builded frontend - Fixes: + CVE-2022-24812 + CVE-2022-21702 + CVE-2022-21703 + CVE-2022-21713 + CVE-2021-43813 + CVE-2021-43815 + CVE-2021-41244 + CVE-2021-41174...
Fedora: Security Advisory for grafana (FEDORA-2022-9dd03cab55)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for grafana (FEDORA-2022-83405f9d5b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-21713 Exposure of Sensitive Information in Grafana
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...
CVE-2022-21713
Grafana CVE-2022-21713 is an information-disclosure issue due to improper authorization handling on Teams API endpoints. Specifically, an authenticated user could access data via /teams/:teamId, enumerate teams via /teams/:search, or view team members via /teams/:teamId/members when editors_can_a...