Lucene search
K

10 matches found

OSV
OSV
added 2024/05/14 10:29 p.m.32 views

GHSA-3P62-42X7-GXG5 Grafana User enumeration via forget password

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2...

7.3CVSS6.7AI score0.00696EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/14 10:29 p.m.37 views

Grafana User enumeration via forget password

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2...

6.7CVSS6.8AI score0.00696EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.31 views

openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.01228EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/07 8:59 a.m.48 views

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.7AI score0.05623EPSS
Exploits1References13
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:40 p.m.29 views

Security Bulletin: IBM Storage Ceph is vulnerable to exposure of sensitive information to an unauthorized actor in Grafana (CVE-2022-39307)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39307 Vulnerability Details CVEID: CVE-2022-39307 DESCRIPTION: Grafana could allow a remote attacker to obtain sensitive information, caused by an error related to the use of the...

6.7CVSS6.3AI score0.00696EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/02/13 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.2AI score0.01228EPSS
Exploits0References2
ALT Linux
ALT Linux
added 2023/01/31 12:0 a.m.52 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

4.9CVSS6.5AI score0.68603EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/13 12:0 a.m.37 views

FreeBSD : Grafana -- Username enumeration (0a80f159-629b-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a80f159-629b-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. When using the forget password o...

6.7CVSS7.2AI score0.00696EPSS
Exploits0References3
Chainguard
Chainguard
added 2022/11/09 11:15 p.m.587 views

CVE-2022-39307 vulnerabilities

Vulnerabilities for packages: grafana-fips...

6.7CVSS6.8AI score0.00696EPSS
Exploits0
CVE
CVE
added 2022/11/09 12:0 a.m.940 views

CVE-2022-39307

Grafana exposes user-enumeration via the forget-password flow. A POST to /api/user/password/sent-reset-email leaks whether a username/email exists by returning a “user not found” message, enabling information disclosure to unauthenticated users. Affected are Grafana installations (versions <= ...

6.7CVSS6.1AI score0.00696EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder