[FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD] Grafana -- Privilege escalation

Severity High
Affected Packages 3
CVEs 1

Grafana Labs reports:

  Grafana admins can invite other members to the organization they are
  an admin for. When admins add members to the organization, non-existing users
  get an email invite; existing members are added directly to the organization.
  When an invite link is sent, it allows users to sign up with whatever
  username/email address the user chooses and become a member of the organization.

  The CVSS score for this vulnerability is 6.4 Moderate

Package                 Affected Version
pkg:freebsd/grafana9    < 9.2.4
pkg:freebsd/grafana8    < 8.5.15
pkg:freebsd/grafana     < 8.5.15

ID: FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD
Severity: high
Severity from: CVE-2022-39306
URL: http://vuxml.freebsd.org/freebsd/6eb6a442-629a-11ed-9ca2-6c3be5272acd.html
Published: 2022-10-24T00:00:00 (23 months ago)
Modified: 2022-11-12T00:00:00 (22 months ago)
Rights: FreeBSD VuXML Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/grafana9 grafana9 < 9.2.4
Affected pkg:freebsd/grafana8 grafana8 < 8.5.15
Affected pkg:freebsd/grafana grafana < 8.5.15