[FREEBSD:0B85B1CD-E468-11ED-834B-6C3BE5272ACD] Grafana -- Critical vulnerability in golang
- Severity: Critical
- Affected Packages: 3
- CVEs: 1
Grafana Labs reports:
An issue in how go handles backticks (`) with Javascript can lead to
an injection of arbitrary code into go templates. While Grafana Labs software
contains potentially vulnerable versions of go, we have not identified any
exploitable use cases at this time.
The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).
Package | Affected Version |
---|---|
pkg:freebsd/grafana9 | < 9.2.17 |
pkg:freebsd/grafana8 | < 8.5.24 |
pkg:freebsd/grafana | < 8.5.24 |
- ID: FREEBSD:0B85B1CD-E468-11ED-834B-6C3BE5272ACD
- Severity: critical
- Severity from: CVE-2023-24538
- URL: http://vuxml.freebsd.org/freebsd/0b85b1cd-e468-11ed-834b-6c3be5272acd.html
- Published: 2023-04-19T00:00:00 (17 months ago)
- Modified: 2023-04-26T00:00:00 (17 months ago)
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
- ALAS-2023-1731
- ALAS-2023-1848
- ALAS-2023-1866
- ALAS2-2023-2015
- ALAS2-2023-2163
- ALAS2-2023-2303
- ALPINE:CVE-2023-24538
- ALSA-2023:6346
- ALSA-2023:6363
- ALSA-2023:6402
- ALSA-2023:6473
- ALSA-2023:6474
- ALSA-2023:6938
- ALSA-2023:6939
- ELSA-2023-6363
- ELSA-2023-6402
- ELSA-2023-6473
- ELSA-2023-6474
- ELSA-2023-6938
- ELSA-2023-6939
- FREEBSD:348EE234-D541-11ED-AD86-A134A566F1E6
- GLSA-202311-09
- GO-2023-1703
- RHSA-2023:3318
- RHSA-2023:3319
- RHSA-2023:6346
- RHSA-2023:6363
- RHSA-2023:6402
- RHSA-2023:6473
- RHSA-2023:6474
- RHSA-2023:6938
- RHSA-2023:6939
- SUSE-SU-2023:1791-1
- SUSE-SU-2023:1792-1
- SUSE-SU-2023:2105-1
- SUSE-SU-2023:2105-2
- SUSE-SU-2023:2127-1
- USN-6038-1
- USN-6038-2
- USN-6140-1
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/ |