9 matches found
GHSA-2X6G-H2HG-RQ84 Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...
openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: grafana security and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Security Bulletin: IBM Storage Ceph is vulnerable to improper input validation in Grafana (CVE-2022-39306)
Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39306 Vulnerability Details CVEID: CVE-2022-39306 DESCRIPTION: Grafana could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper inp...
SUSE: Security Advisory (SUSE-SU-2023:0362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...
FreeBSD : Grafana -- Privilege escalation (6eb6a442-629a-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6eb6a442-629a-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5....
CVE-2022-39306
CVE-2022-39306 affects Grafana prior to 9.2.4 (and 8.5.x backport to 8.5.15). The issue is improper input validation during the invitation/sign-up flow that admins use to add members to an organization. An invite link can be used to sign up with arbitrary username/email, enabling an attacker to b...