Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.9 views

Fedora 38 : grafana (2022-8e5d214237)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8e5d214237 advisory. Automatic update for grafana-9.0.9-1.fc38. Changelog Wed Sep 21 2022 Andreas Gerstmayr 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see...

6.6CVSS7.6AI score0.01302EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 10:25 p.m.41 views

GHSA-FF5C-938W-8C9Q Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

7.5CVSS7.2AI score0.01302EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/14 10:25 p.m.35 views

Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

6.6CVSS7.1AI score0.01302EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:47 p.m.26 views

Security Bulletin: IBM Storage Ceph is vulnerable to authentication bypass by spoofing in Grafana (CVE-2022-35957)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-35957 Vulnerability Details CVEID: CVE-2022-35957 DESCRIPTION: Grafana could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially...

6.6CVSS6.5AI score0.01302EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/06/22 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.68603EPSS
Exploits9References19
OSV
OSV
added 2023/06/21 11:49 a.m.10 views

SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...

9.8CVSS7.8AI score0.68603EPSS
Exploits9References32
Oracle linux
Oracle linux
added 2023/05/15 12:0 a.m.51 views

grafana security and enhancement update

9.0.9-2 - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from...

7.5CVSS6.9AI score0.02607EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.38 views

AlmaLinux 9 : grafana (ALSA-2023:2167)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2167 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...

7.5CVSS7AI score0.02607EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/05/09 9:50 a.m.34 views

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.7AI score0.02607EPSS
Exploits1References9
OSV
OSV
added 2023/05/09 12:0 a.m.65 views

ALSA-2023:2167 Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS7AI score0.02607EPSS
Exploits1References12
ALT Linux
ALT Linux
added 2023/01/31 12:0 a.m.52 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

4.9CVSS6.5AI score0.68603EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/12/14 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:4428-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.88849EPSS
Exploits45References4
Tenable Nessus
Tenable Nessus
added 2022/09/21 12:0 a.m.46 views

FreeBSD : Grafana -- Privilege escalation (95e6e6ca-3986-11ed-8e0c-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 95e6e6ca-3986-11ed-8e0c-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5....

6.6CVSS7.6AI score0.01302EPSS
Exploits0References3
Chainguard
Chainguard
added 2022/09/20 11:15 p.m.611 views

CVE-2022-35957 vulnerabilities

Vulnerabilities for packages: grafana-fips...

6.6CVSS6.9AI score0.01302EPSS
Exploits0
OSV
OSV
added 2022/09/20 11:15 p.m.2 views

UBUNTU-CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

6.6CVSS7.2AI score0.01302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/09/20 12:0 a.m.7 views

CVE-2022-35957 Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

6.6CVSS6.8AI score0.01302EPSS
Exploits0References3
CVE
CVE
added 2022/09/20 12:0 a.m.955 views

CVE-2022-35957

Grafana (versions prior to 9.1.6 and 8.5.13) is affected by CVE-2022-35957, an escalation from admin to server admin when an Auth Proxy is used. The issue arises because authentication may rely on headers (X-WEBAUTH-USER) trusted by Grafana, allowing a user with admin privileges to gain server-ad...

6.6CVSS7.2AI score0.01302EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/20 12:0 a.m.29 views

CVE-2022-35957 Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

6.6CVSS7.2AI score0.01302EPSS
Exploits0References3
Rows per page
Query Builder