[ELSA-2022-7519] grafana security, bug fix, and enhancement update
[7.5.15-3]
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
[7.5.15-2]
- resolve CVE-2022-31107 grafana: OAuth account takeover
[7.5.15-1]
- update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
- resolve CVE-2021-23648 sanitize-url: XSS
- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/grafana?distro=oraclelinux-8 | < 7.5.15-3.el8 |
- ID
- ELSA-2022-7519
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2022-7519.html
- Published
-
2022-11-15T00:00:00
(22 months ago) - Modified
-
2022-11-15T00:00:00
(22 months ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1635
- ALAS2-2022-1846
- ALAS2-2022-1847
- ALAS2-2022-1858
- ALAS2-2022-1859
- ALAS2-2022-1860
- ALAS2-2022-1861
- ALAS2-2022-1862
- ALAS2-2022-1863
- ALAS2-2022-1864
- ALAS2-2022-1865
- ALPINE:CVE-2022-1705
- ALPINE:CVE-2022-1962
- ALPINE:CVE-2022-21673
- ALPINE:CVE-2022-21698
- ALPINE:CVE-2022-21702
- ALPINE:CVE-2022-21703
- ALPINE:CVE-2022-21713
- ALPINE:CVE-2022-28131
- ALPINE:CVE-2022-30630
- ALPINE:CVE-2022-30631
- ALPINE:CVE-2022-30632
- ALPINE:CVE-2022-30633
- ALPINE:CVE-2022-30635
- ALPINE:CVE-2022-32148
- ALSA-2022:1762
- ALSA-2022:5775
- ALSA-2022:5799
- ALSA-2022:7129
- ALSA-2022:7519
- ALSA-2022:7529
- ALSA-2022:7648
- ALSA-2022:8057
- ALSA-2022:8098
- ALSA-2022:8250
- ALSA-2023:2357
- ALSA-2023:2758
- ALSA-2023:2802
- ALSA-2024:2180
- ELSA-2022-1762
- ELSA-2022-23681
- ELSA-2022-24267
- ELSA-2022-5775
- ELSA-2022-5799
- ELSA-2022-7129
- ELSA-2022-7529
- ELSA-2022-7648
- ELSA-2022-8057
- ELSA-2022-8250
- ELSA-2023-2357
- ELSA-2023-2758
- ELSA-2023-2802
- ELSA-2024-2180
- FEDORA-2022-13ad572b5a
- FEDORA-2022-2067702f06
- FEDORA-2022-30c5ed5625
- FEDORA-2022-3969b64d4b
- FEDORA-2022-396c568c5e
- FEDORA-2022-5038c3236c
- FEDORA-2022-5e637f6cc6
- FEDORA-2022-5f253807ce
- FEDORA-2022-6043a7b938
- FEDORA-2022-6c4cb64314
- FEDORA-2022-739c7a0058
- FEDORA-2022-741325e9a0
- FEDORA-2022-83405f9d5b
- FEDORA-2022-92ef43c439
- FEDORA-2022-9dd03cab55
- FEDORA-2022-a7d438b30b
- FEDORA-2022-c5383675d9
- FEDORA-2022-c87047f163
- FEDORA-2022-e244ad73d6
- FEDORA-2022-eda0e65b01
- FEDORA-2022-fae3ecee19
- FREEBSD:A4F2416C-02A0-11ED-B817-10C37B4AC2EA
- FREEBSD:CECBC674-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D4284C2E-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D71D154A-8B83-11EC-B369-6C3BE5272ACD
- GLSA-202208-02
- GO-2022-0322
- GO-2022-0515
- GO-2022-0520
- GO-2022-0521
- GO-2022-0522
- GO-2022-0523
- GO-2022-0524
- GO-2022-0525
- GO-2022-0526
- GO-2022-0527
- MS:CVE-2022-1705
- MS:CVE-2022-1962
- MS:CVE-2022-21698
- MS:CVE-2022-28131
- MS:CVE-2022-30630
- MS:CVE-2022-30631
- MS:CVE-2022-30632
- MS:CVE-2022-30633
- MS:CVE-2022-30635
- MS:CVE-2022-32148
- NPM:GHSA-HQQ7-2Q2V-82XQ
- RHSA-2022:1762
- RHSA-2022:5775
- RHSA-2022:5799
- RHSA-2022:7129
- RHSA-2022:7519
- RHSA-2022:7529
- RHSA-2022:7648
- RHSA-2022:8057
- RHSA-2022:8098
- RHSA-2022:8250
- RHSA-2023:2357
- RHSA-2023:2758
- RHSA-2023:2802
- RHSA-2024:2180
- RLSA-2022:1762
- RLSA-2022:5775
- RLSA-2022:7129
- RLSA-2022:7519
- RLSA-2022:7529
- RLSA-2022:7648
- RLSA-2022:8057
- RLSA-2022:8098
- RLSA-2022:8250
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:1433-1
- SUSE-SU-2022:1434-1
- SUSE-SU-2022:1435-1
- SUSE-SU-2022:1531-1
- SUSE-SU-2022:1545-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:2137-1
- SUSE-SU-2022:2139-1
- SUSE-SU-2022:2140-1
- SUSE-SU-2022:2145-1
- SUSE-SU-2022:2671-1
- SUSE-SU-2022:2672-1
- SUSE-SU-2022:2834-1
- SUSE-SU-2022:2839-1
- SUSE-SU-2022:2839-2
- SUSE-SU-2022:3676-1
- SUSE-SU-2022:3745-1
- SUSE-SU-2022:3747-1
- SUSE-SU-2022:3765-1
- SUSE-SU-2023:2312-1
- SUSE-SU-2024:0191-1
- USN-6038-1
- USN-6038-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/grafana?distro=oraclelinux-8 | oraclelinux | grafana | < 7.5.15-3.el8 | oraclelinux-8 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |