Lucene search

AlmaLinuxALSA-2022:1781

HistoryMay 10, 2022 - 6:25 a.m.

Low: grafana security, bug fix, and enhancement update

2022-05-1006:25:23

errata.almalinux.org

grafana

security fix

directory traversal

cvss score

upgrade

bug fix

enhancement

upstream version

metrics dashboard

graphite

influxdb

opentsdb

cve-2021-43813

vulnerability

7.5.11

almalinux

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.012

Percentile

85.0%

JSON

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

The following packages have been upgraded to a later upstream version: grafana (7.5.11). (BZ#1993214)

Security Fix(es):

grafana: directory traversal vulnerability (CVE-2021-43813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8aarch64grafana< 7.5.11-2.el8grafana-7.5.11-2.el8.aarch64.rpm
almalinux8x86_64grafana< 7.5.11-2.el8grafana-7.5.11-2.el8.x86_64.rpm
almalinux8ppc64legrafana< 7.5.11-2.el8grafana-7.5.11-2.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	aarch64	grafana	< 7.5.11-2.el8	grafana-7.5.11-2.el8.aarch64.rpm
almalinux	8	x86_64	grafana	< 7.5.11-2.el8	grafana-7.5.11-2.el8.x86_64.rpm
almalinux	8	ppc64le	grafana	< 7.5.11-2.el8	grafana-7.5.11-2.el8.ppc64le.rpm