[FEDORA-2022-c5383675d9] Fedora 36: grafana
Severity: High
Affected Packages: 1
CVEs: 6
- update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
- resolve CVE-2021-23648 sanitize-url: XSS
- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible
Package | Affected Version |
---|---|
pkg:rpm/fedora/grafana?distro=fedora-36 | < 7.5.15.2.fc36 |
- ID: FEDORA-2022-c5383675d9
- Severity: high
- Severity from: CVE-2022-21703
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5383675d9
- Published: 2022-05-07T04:56:19
- Modified: 2022-05-07T04:56:19
- Rights: Copyright 2022 Red Hat, Inc.
- Other Advisories:
- ALPINE:CVE-2022-21673
- ALPINE:CVE-2022-21698
- ALPINE:CVE-2022-21702
- ALPINE:CVE-2022-21703
- ALPINE:CVE-2022-21713
- ALSA-2022:1762
- ALSA-2022:7519
- ALSA-2022:7529
- ALSA-2022:8057
- ELSA-2022-1762
- ELSA-2022-7519
- ELSA-2022-7529
- ELSA-2022-8057
- FEDORA-2022-13ad572b5a
- FEDORA-2022-2067702f06
- FEDORA-2022-3969b64d4b
- FEDORA-2022-396c568c5e
- FEDORA-2022-5038c3236c
- FEDORA-2022-5e637f6cc6
- FEDORA-2022-5f253807ce
- FEDORA-2022-6043a7b938
- FEDORA-2022-6c4cb64314
- FEDORA-2022-739c7a0058
- FEDORA-2022-741325e9a0
- FEDORA-2022-83405f9d5b
- FEDORA-2022-92ef43c439
- FEDORA-2022-9dd03cab55
- FEDORA-2022-a7d438b30b
- FEDORA-2022-c87047f163
- FEDORA-2022-e244ad73d6
- FEDORA-2022-eda0e65b01
- FEDORA-2022-fae3ecee19
- FREEBSD:CECBC674-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D4284C2E-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D71D154A-8B83-11EC-B369-6C3BE5272ACD
- GO-2022-0322
- MS:CVE-2022-21698
- NPM:GHSA-HQQ7-2Q2V-82XQ
- RHSA-2022:1762
- RHSA-2022:7519
- RHSA-2022:7529
- RHSA-2022:8057
- RLSA-2022:1762
- RLSA-2022:7519
- RLSA-2022:7529
- RLSA-2022:8057
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:1433-1
- SUSE-SU-2022:1434-1
- SUSE-SU-2022:1435-1
- SUSE-SU-2022:1531-1
- SUSE-SU-2022:1545-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:2137-1
- SUSE-SU-2022:2139-1
- SUSE-SU-2022:2140-1
- SUSE-SU-2022:2145-1
- SUSE-SU-2022:2834-1
- SUSE-SU-2022:2839-1
- SUSE-SU-2022:2839-2
- SUSE-SU-2022:3676-1
- SUSE-SU-2022:3745-1
- SUSE-SU-2022:3747-1
- SUSE-SU-2022:3765-1
- SUSE-SU-2024:0191-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2053454 | Bug #2053454 - CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2053454 |
Bugzilla | 2066482 | Bug #2066482 - CVE-2021-23648 grafana: sanitize-url: XSS [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2066482 |
Bugzilla | 2067414 | Bug #2067414 - CVE-2022-21698 grafana: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2067414 |
Bugzilla | 2053455 | Bug #2053455 - CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2053455 |
Bugzilla | 2046615 | Bug #2046615 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2046615 |
Bugzilla | 2053453 | Bug #2053453 - CVE-2022-21702 grafana: XSS vulnerability in data source handling [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2053453 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/grafana?distro=fedora-36 | fedora | grafana | < 7.5.15.2.fc36 | fedora-36 | | |