[FREEBSD:0859E6D5-0415-11ED-A53B-6C3BE5272ACD] Grafana -- OAuth Account Takeover

Severity High
Affected Packages 4
CVEs 1

Grafana Labs reports:

  It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/grafana9 | | grafana9 | < 9.0.3 | | | |
| Affected | pkg:freebsd/grafana8 | | grafana8 | < 8.3.10 | | | |
| Affected | pkg:freebsd/grafana7 | | grafana7 | | | | |
| Affected | pkg:freebsd/grafana | | grafana | < 8.3.10 | | | |