10 matches found
GHSA-3P62-42X7-GXG5 Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2...
Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2...
openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: grafana security and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Security Bulletin: IBM Storage Ceph is vulnerable to exposure of sensitive information to an unauthorized actor in Grafana (CVE-2022-39307)
Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39307 Vulnerability Details CVEID: CVE-2022-39307 DESCRIPTION: Grafana could allow a remote attacker to obtain sensitive information, caused by an error related to the use of the...
SUSE: Security Advisory (SUSE-SU-2023:0362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...
FreeBSD : Grafana -- Username enumeration (0a80f159-629b-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a80f159-629b-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. When using the forget password o...
CVE-2022-39307 vulnerabilities
Vulnerabilities for packages: grafana-fips...
CVE-2022-39307
Grafana exposes user-enumeration via the forget-password flow. A POST to /api/user/password/sent-reset-email leaks whether a username/email exists by returning a “user not found” message, enabling information disclosure to unauthenticated users. Affected are Grafana installations (versions <= ...