
10 matches found

OSV
added 2024/05/14 10:29 p.m. | 40 views

GHSA-P978-56HQ-R492 Grafana folders admin only permission privilege escalation

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control RBAC. Release 9.1.6, latest patch, also containing security fix: - Download Grafana...

CVSS 7.6 | AI score 6 | EPSS 0.00612
Exploits: 0 | References: 4

Github Security Blog
added 2024/05/14 10:29 p.m. | 38 views

Grafana folders admin only permission privilege escalation

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control RBAC. Release 9.1.6, latest patch, also containing security fix: - Download Grafana...

CVSS 7.6 | AI score 7 | EPSS 0.00612
Exploits: 0 | References: 4 | Affected Software: 1

OpenVAS
added 2023/06/22 12:0 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.5 | EPSS 0.68603
Exploits: 9 | References: 19

OSV
added 2023/06/21 11:49 a.m. | 9 views

SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...

CVSS 9.8 | AI score 7.8 | EPSS 0.68603
Exploits: 9 | References: 32

OSV
added 2023/06/21 11:42 a.m. | 9 views

SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...

CVSS 9.8 | AI score 7.7 | EPSS 0.68603
Exploits: 8 | References: 25

ALT Linux
added 2023/01/31 12:0 a.m. | 52 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

CVSS 4.9 | AI score 6.5 | EPSS 0.68603
Exploits: 0

OpenVAS
added 2022/12/14 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2022:4428-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.4 | EPSS 0.88849
Exploits: 45 | References: 4

Chainguard
added 2022/09/22 6:15 p.m. | 44 views

CVE-2022-36062 vulnerabilities

Vulnerabilities for packages: grafana-fips...

CVSS 7.6 | AI score 6.7 | EPSS 0.00612
Exploits: 0

Vulnrichment
added 2022/09/22 12:0 a.m. | 5 views

CVE-2022-36062 Grafana folders admin only permission privilege escalation

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 | AI score 7.6 | EPSS 0.00612
Exploits: 0 | References: 2

CVE
added 2022/09/22 12:0 a.m. | 425 views

CVE-2022-36062

Grafana vulnerability CVE-2022-36062: Improper preservation of permissions during RBAC migrations can grant Editors/Viewers access to folders/dashboards with Admin-only permissions, enabling privilege escalation. Affected versions prior to 8.5.13, 9.0.9, and 9.1.6; patches are in those versions. ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00612
Exploits: 0 | References: 2 | Affected Software: 1