[FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD] Grafana -- Privilege escalation
Severity
High
Affected Packages
3
CVEs
1
Grafana Labs reports:
Grafana admins can invite other members to the organization they are
an admin for. When admins add members to the organization, non existing users
get an email invite, existing members are added directly to the organization.
When an invite link is sent, it allows users to sign up with whatever
username/email address the user chooses and become a member of the organization.
The CVSS score for this vulnerability is 6.4 Moderate
Package | Affected Version |
---|---|
pkg:freebsd/grafana9 | < 9.2.4 |
pkg:freebsd/grafana8 | < 8.5.15 |
pkg:freebsd/grafana | < 8.5.15 |
- ID
- FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD
- Severity
- high
- Severity from
- CVE-2022-39306
- URL
- http://vuxml.freebsd.org/freebsd/6eb6a442-629a-11ed-9ca2-6c3be5272acd.html
- Published
-
2022-10-24T00:00:00
(23 months ago) - Modified
-
2022-11-12T00:00:00
(22 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |