[FREEBSD:4E60D660-6298-11ED-9CA2-6C3BE5272ACD] Grafana -- Plugin signature bypass

Severity High
Affected Packages 4
CVEs 1

Grafana Labs reports:

  On July 4th as a result of an internal security audit we have discovered
  a bypass in the plugin signature verification by exploiting a versioning flaw.
  We believe that this vulnerability is rated at CVSS 6.1
  (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L).

ID: FREEBSD:4E60D660-6298-11ED-9CA2-6C3BE5272ACD
Severity: high
Severity from: CVE-2022-31123
URL: http://vuxml.freebsd.org/freebsd/4e60d660-6298-11ed-9ca2-6c3be5272acd.html
Published: 2022-07-04T00:00:00 (2 years ago)
Modified: 2022-11-12T00:00:00 (22 months ago)
Rights: FreeBSD VuXML Security Team

Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/grafana9 | | grafana9 | < 9.1.8 | | | |
| Affected | pkg:freebsd/grafana8 | | grafana8 | < 8.5.14 | | | |
| Affected | pkg:freebsd/grafana7 | | grafana7 | | | | |
| Affected | pkg:freebsd/grafana | | grafana | < 8.5.14 | | | |