First published: Tue May 09 2023(Updated: )
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. <br>Security Fix(es):<br><li> golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)</li> <li> golang: net/<a href="http:" target="_blank">http:</a> handle server errors after sending GOAWAY (CVE-2022-27664)</li> <li> grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)</li> <li> grafana: using email as a username can block other users from signing in (CVE-2022-39229)</li> <li> golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/grafana | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debuginfo | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debugsource | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debuginfo | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debugsource | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debuginfo | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana-debugsource | <9.0.9-2.el9 | 9.0.9-2.el9 |
redhat/grafana | <9.0.9-2.el9.aa | 9.0.9-2.el9.aa |
redhat/grafana-debuginfo | <9.0.9-2.el9.aa | 9.0.9-2.el9.aa |
redhat/grafana-debugsource | <9.0.9-2.el9.aa | 9.0.9-2.el9.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.