First published: Tue May 16 2023(Updated: )
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. <br>Security Fix(es):<br><li> golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)</li> <li> golang: net/<a href="http:" target="_blank">http:</a> handle server errors after sending GOAWAY (CVE-2022-27664)</li> <li> grafana: using email as a username can block other users from signing in (CVE-2022-39229)</li> <li> golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/grafana | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana-debuginfo | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana-debuginfo | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana-debuginfo | <7.5.15-4.el8 | 7.5.15-4.el8 |
redhat/grafana | <7.5.15-4.el8.aa | 7.5.15-4.el8.aa |
redhat/grafana-debuginfo | <7.5.15-4.el8.aa | 7.5.15-4.el8.aa |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.