Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:12 a.m.66 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2023-1387)

Summary Grafana is used by IBM Storage Ceph in the dashboard. CVE-2023-1387 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1387 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive informatio...

7.5CVSS5.4AI score0.01504EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-1387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL...

7.5CVSS7.9AI score0.01504EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/06/22 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.68603EPSS
Exploits9References19
OSV
OSV
added 2023/06/21 11:49 a.m.10 views

SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...

9.8CVSS7.8AI score0.68603EPSS
Exploits9References32
OSV
OSV
added 2023/06/21 11:42 a.m.9 views

SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...

9.8CVSS7.7AI score0.68603EPSS
Exploits8References25
OpenVAS
OpenVAS
added 2023/04/27 12:0 a.m.16 views

Grafana 9.1.0 < 9.2.17, 9.3.x < 9.3.13, 9.4.x < 9.4.9 Information Disclosure Vulnerability

Grafana is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:grafana:grafana"; if...

7.5CVSS7.3AI score0.01504EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/04/26 2:15 p.m.61 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

7.5CVSS7.1AI score0.01504EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/26 1:47 p.m.11 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

4.2CVSS5.7AI score0.01504EPSS
Exploits1References3
Rows per page
Query Builder