Lucene search
Veracode Vulnerability DatabaseVERACODE:37981HistoryNov 11, 2022 - 5:20 a.m.
Information Disclosure
2022-11-1105:20:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
27
0.001 Low
EPSS
Percentile
35.6%
github.com/grafana/grafana is vulnerable to information disclosure. The vulnerability is due to the SendResetPasswordEmail function in password.go exposing if a user does not exist in the database by an error message.
References
github.com/grafana/grafana/commit/11ab2c8b1b9238c7ca3470a6e254b5a0e9745e6e
github.com/grafana/grafana/commit/64017e8ca6825b79a2acb887a1c1d9088e47ed72
github.com/grafana/grafana/issues/596
github.com/grafana/grafana/issues/639
github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5
security.netapp.com/advisory/ntap-20221215-0004/
Related
alpinelinux
alpinelinux
CVE-2022-39307
2022-11-09 23:15:00
ubuntucve
ubuntucve
CVE-2022-39307
2022-11-09 00:00:00
nessus
nessus
cnvd
cnvd
Grafana Account Enumeration Vulnerability
2022-11-10 00:00:00
cve
cve
CVE-2022-39307
2022-11-09 23:15:12
prion
prion
Default credentials
2022-11-09 23:15:00
ibm
ibm
cgr
cgr
CVE-2022-39307 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
osv
osv
Grafana User enumeration via forget password in github.com/grafana/grafana
2024-06-05 15:10:42
CVE-2022-39307
2022-11-09 23:15:12
BIT-grafana-2022-39307
2024-03-06 10:54:48
nvd
nvd
CVE-2022-39307
2022-11-09 23:15:12
github
github
Grafana User enumeration via forget password
2024-05-14 22:29:31
openvas
openvas
Grafana < 8.5.15, 9 < 9.2.4 Multiple Vulnerabilities
2022-11-14 00:00:00
openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0362-1)
2023-02-13 00:00:00
redhatcve
redhatcve
freebsd
freebsd
Grafana -- Privilege escalation
2022-10-24 00:00:00
Grafana -- Privilege escalation
2022-11-08 00:00:00
Grafana -- Username enumeration
2022-10-24 00:00:00
oraclelinux
oraclelinux
grafana security and enhancement update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: grafana security and enhancement update
2023-11-07 00:00:00
redhat
redhat
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
redos
redos
ROS-20240404-01
2024-04-04 00:00:00