Lucene search
K

9 matches found

OSV
OSV
added 2024/05/14 10:29 p.m.43 views

GHSA-2X6G-H2HG-RQ84 Grafana Email addresses and usernames can not be trusted

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...

7.2CVSS8.2AI score0.0074EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/14 10:29 p.m.46 views

Grafana Email addresses and usernames can not be trusted

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...

8.1CVSS7AI score0.0074EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.31 views

openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.01228EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/07 8:59 a.m.48 views

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.7AI score0.05623EPSS
Exploits1References13
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:34 p.m.31 views

Security Bulletin: IBM Storage Ceph is vulnerable to improper input validation in Grafana (CVE-2022-39306)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39306 Vulnerability Details CVEID: CVE-2022-39306 DESCRIPTION: Grafana could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper inp...

8.1CVSS6.3AI score0.0074EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/02/13 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.2AI score0.01228EPSS
Exploits0References2
ALT Linux
ALT Linux
added 2023/01/31 12:0 a.m.52 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

4.9CVSS6.5AI score0.68603EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/13 12:0 a.m.37 views

FreeBSD : Grafana -- Privilege escalation (6eb6a442-629a-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6eb6a442-629a-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5....

8.1CVSS7.9AI score0.0074EPSS
Exploits0References3
CVE
CVE
added 2022/11/09 12:0 a.m.237 views

CVE-2022-39306

CVE-2022-39306 affects Grafana prior to 9.2.4 (and 8.5.x backport to 8.5.15). The issue is improper input validation during the invitation/sign-up flow that admins use to add members to an organization. An invite link can be used to sign up with arbitrary username/email, enabling an attacker to b...

8.1CVSS6.8AI score0.0074EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder