Lucene search
K

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:5 p.m.4 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Incorrect Authorization in Grafana (CVE-2023-6152)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-6152 Vulnerability Details CVEID:CVE-2023-6152 DESCRIPTION: A user changing their email after signing up and verifying it can change it...

5.4CVSS6.6AI score0.01385EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2023-6152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option verifyemailenable...

5.4CVSS7AI score0.01385EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:1530-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.7AI score0.01385EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2025/02/18 12:0 a.m.12 views

openSUSE Security Advisory (SUSE-SU-2025:0545-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.04094EPSS
Exploits3References15
SUSE Linux
SUSE Linux
added 2025/02/14 7:24 a.m.5 views

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...

9.4CVSS8.3AI score0.04094EPSS
Exploits3References26
OpenVAS
OpenVAS
added 2024/06/29 12:0 a.m.26 views

openSUSE Security Advisory (SUSE-SU-2024:1530-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.7AI score0.01385EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/06/25 12:0 a.m.32 views

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same...

6.5CVSS6.8AI score0.01385EPSS
Exploits1References7
OSV
OSV
added 2024/06/24 4:19 p.m.21 views

SUSE-SU-2024:1530-2 Security update for grafana and mybatis

This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same organisation when deleting snapshots bsc1222155 CVE-2023-6152: Add email verification when updating user email...

6.5CVSS6.3AI score0.01385EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/05/07 12:0 a.m.35 views

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-1 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same...

6.5CVSS6.8AI score0.01385EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/05/07 12:0 a.m.41 views

SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1508-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1508-1 advisory. golang-github-prometheus-nodeexporter: - Update to 1.7.0 jscPED-7893, jscPED-7928: FEATURE Add ZFS freebsd per dataset stats 2753...

6.5CVSS6.9AI score0.01385EPSS
Exploits1References8
NVD
NVD
added 2024/02/13 10:15 p.m.25 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS5.8AI score0.01385EPSS
Exploits1References3
Chainguard
Chainguard
added 2024/02/13 10:15 p.m.67 views

CVE-2023-6152 vulnerabilities

Vulnerabilities for packages: grafana...

5.4CVSS6.7AI score0.01385EPSS
Exploits1
Wolfi
Wolfi
added 2024/02/13 10:15 p.m.51 views

CVE-2023-6152 vulnerabilities

Vulnerabilities for packages: grafana...

5.4CVSS7.2AI score0.01385EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/02/13 10:15 p.m.36 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS6.8AI score0.01385EPSS
Exploits1References3
CVE
CVE
added 2024/02/13 9:38 p.m.378 views

CVE-2023-6152

CVE-2023-6152 describes an Incorrect Authorization flaw where a user can change their email after signup/verification without re-verification due to verify_email_enabled validating only at sign-up. Connected docs indicate Grafana/OpenTelemetry-Go Contrib prior to v0.46.0 contains a related issue ...

5.4CVSS5.4AI score0.01385EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/02/13 9:38 p.m.59 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS5.8AI score0.01385EPSS
Exploits1References2
OSV
OSV
added 2024/02/13 9:38 p.m.10 views

CVE-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS5.6AI score0.01385EPSS
Exploits1References5
Rows per page
Query Builder