[FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD] Grafana -- Username enumeration
Severity: Medium
Affected Packages: 3
CVEs: 1
Grafana Labs reports:
When using the forget password on the login page, a POST request is made
to the /api/user/password/sent-reset-email URL. When the username
or email does not exist, a JSON response contains a “user not found” message.
The CVSS score for this vulnerability is 5.3 Moderate.
Package | Affected Version |
---|---|
pkg:freebsd/grafana9 | < 9.2.4 |
pkg:freebsd/grafana8 | < 8.5.15 |
pkg:freebsd/grafana | < 8.5.15 |
- ID: FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD
- Severity: medium
- Severity from: CVE-2022-39307
- URL: http://vuxml.freebsd.org/freebsd/0a80f159-629b-11ed-9ca2-6c3be5272acd.html
- Published: 2022-10-24T00:00:00
- Modified: 2022-11-12T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5 |