17 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to the Incorrect Authorization in Grafana (CVE-2023-6152)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-6152 Vulnerability Details CVEID:CVE-2023-6152 DESCRIPTION: A user changing their email after signing up and verifying it can change it...
Linux Distros Unpatched Vulnerability : CVE-2023-6152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option verifyemailenable...
openSUSE Security Advisory (SUSE-SU-2024:1530-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:0545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
openSUSE Security Advisory (SUSE-SU-2024:1530-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same...
SUSE-SU-2024:1530-2 Security update for grafana and mybatis
This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same organisation when deleting snapshots bsc1222155 CVE-2023-6152: Add email verification when updating user email...
SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-1 advisory. grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: CVE-2024-1313: Require same...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1508-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1508-1 advisory. golang-github-prometheus-nodeexporter: - Update to 1.7.0 jscPED-7893, jscPED-7928: FEATURE Add ZFS freebsd per dataset stats 2753...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...
CVE-2023-6152 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2023-6152 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...
CVE-2023-6152
CVE-2023-6152 describes an Incorrect Authorization flaw where a user can change their email after signup/verification without re-verification due to verify_email_enabled validating only at sign-up. Connected docs indicate Grafana/OpenTelemetry-Go Contrib prior to v0.46.0 contains a related issue ...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...
CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...