20 matches found
GHSA-W7PM-9G55-MXFM stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...
OESA-2025-1189 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
OESA-2025-1186 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
GHSA-RHXJ-GH46-JVW8 Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
BIT-GRAFANA-2022-31123 Grafana plugin signature bypass vulnerability
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
RHEL 9 : grafana (RHSA-2023:6420)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6420 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana:...
SUSE CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:0362-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0362-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugi...
SUSE-SU-2023:0362-1 Security update for grafana
This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 jscPED-2617: CVE-2022-39306: Security fix for privilege escalation bsc1205225 CVE-2022-39307: Omit error from http response when user does not exists bsc1205227 CVE-2022-39201: Do not forward login cookie i...
FreeBSD : Grafana -- Plugin signature bypass (4e60d660-6298-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4e60d660-6298-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and...
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
Design/Logic Flaw
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
CVE-2022-31123
Grafana contains a plugin-signature verification bypass (CVE-2022-31123) due to a versioning flaw in signed/unsigned plugin handling. A local authenticated attacker could persuade a server admin to load a malicious unsigned plugin. Affected CTs: Grafana versions prior to 9.1.8 and 8.5.14. Remedia...
Plugin signature bypass
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...
Grafana -- Plugin signature bypass
Grafana Labs reports: On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw. We believe that this vulnerability is rated at CVSS 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L...
Adobe Reader Plugin Signature Bypass Vulnerability - Windows
Adobe Reader is prone to plugin signature bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Reader Plugin Signature Bypass Vulnerability - Mac OS X
Adobe Reader is prone to plugin signature bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...