[FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD] Grafana -- Username enumeration

Severity Medium
Affected Packages 3
CVEs 1

Grafana Labs reports:

  When using the forget password on the login page, a POST request is made
  to the /api/user/password/sent-reset-email URL. When the username
  or email does not exist, a JSON response contains a “user not found” message.

  The CVSS score for this vulnerability is 5.3 Moderate

Package                 Affected Version
pkg:freebsd/grafana9    < 9.2.4
pkg:freebsd/grafana8    < 8.5.15
pkg:freebsd/grafana     < 8.5.15

ID: FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD
Severity: medium
Severity from: CVE-2022-39307
URL: http://vuxml.freebsd.org/freebsd/0a80f159-629b-11ed-9ca2-6c3be5272acd.html
Published: 2022-10-24T00:00:00
Modified: 2022-11-12T00:00:00
Rights: FreeBSD VuXML Security Team

Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/grafana9 grafana9 < 9.2.4
Affected pkg:freebsd/grafana8 grafana8 < 8.5.15
Affected pkg:freebsd/grafana grafana < 8.5.15