Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD4E60D660-6298-11ED-9CA2-6C3BE5272ACD
HistoryJul 04, 2022 - 12:00 a.m.

Grafana -- Plugin signature bypass

2022-07-0400:00:00
vuxml.freebsd.org
13
grafana
plugin signature bypass
security audit
versioning flaw
vulnerability
cvss 6.1
unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

Grafana Labs reports:

On July 4th as a result of an internal security audit we have discovered
a bypass in the plugin signature verification by exploiting a versioning flaw.
We believe that this vulnerability is rated at CVSS 6.1
(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L).

Related

freebsd 3
osv 24
nessus 17
openvas 6
altlinux 1
veracode 4
alpinelinux 4
ibm 5
github 4
cvelist 4
redhatcve 4
nvd 4
ubuntucve 4
cve 4
cgr 4
prion 4
cnvd 1
oraclelinux 3
redhat 6
almalinux 3
redos 1
wallarmlab 1
oracle 1
freebsd
freebsd
Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
2022-09-07 00:00:00
Grafana -- Improper authentication
2022-09-07 00:00:00
Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
2022-06-26 00:00:00
osv
osv
grafana-8.5.14-1.1 on GA media
2024-06-15 00:00:00
Grafana Plugin signature bypass
2024-05-14 22:22:57
BIT-grafana-2022-31123
2024-03-06 10:56:23
nessus
nessus
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)
2023-02-14 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:0362-1)
2023-02-14 00:00:00
FreeBSD : Grafana -- Plugin signature bypass (4e60d660-6298-11ed-9ca2-6c3be5272acd)
2022-11-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0362-1)
2023-02-13 00:00:00
openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)
2024-03-04 00:00:00
Grafana Privilege Escalation Vulnerability (GHSA-rhxj-gh46-jvw8)
2022-10-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
veracode
veracode
Information Disclosure
2022-10-17 05:28:39
Authentication Bypass
2022-10-17 08:35:54
Signature Verification Bypass
2022-10-28 00:28:22
alpinelinux
alpinelinux
CVE-2022-31123
2022-10-13 22:15:00
CVE-2022-39229
2022-10-13 23:15:00
CVE-2022-39201
2022-10-13 23:15:00
ibm
ibm
Security Bulletin: IBM Storage Ceph is vulnerable to improper authentication in Grafana (CVE-2022-39229)
2023-11-01 19:38:48
Security Bulletin: IBM Storage Ceph is vulnerable to improper verification of cryptographic signature in Grafana (CVE-2022-31123)
2023-11-01 20:00:15
Security Bulletin: IBM Storage Ceph is vulnerable to exposure of sensitive information to an unauthorized actor in Grafana [CVE-2022-39201]
2023-11-01 19:49:00
github
github
Grafana when using email as a username can block other users from signing in
2024-05-14 22:29:38
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
2024-05-14 22:29:41
Grafana Plugin signature bypass
2024-05-14 22:22:57
cvelist
cvelist
CVE-2022-31123 Grafana plugin signature bypass vulnerability
2022-10-13 00:00:00
CVE-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
2022-10-13 00:00:00
CVE-2022-39229 Grafana users with email as a username can block other users from signing in
2022-10-13 00:00:00
redhatcve
redhatcve
CVE-2022-39201
2022-10-14 05:59:22
CVE-2022-31123
2022-10-14 05:59:20
CVE-2022-39229
2022-10-14 05:59:29
nvd
nvd
CVE-2022-39201
2022-10-13 23:15:10
CVE-2022-31123
2022-10-13 22:15:10
CVE-2022-39229
2022-10-13 23:15:10
ubuntucve
ubuntucve
CVE-2022-39201
2022-10-13 00:00:00
CVE-2022-31123
2022-10-13 00:00:00
CVE-2022-39229
2022-10-13 00:00:00
cve
cve
CVE-2022-39201
2022-10-13 23:15:10
CVE-2022-31123
2022-10-13 22:15:10
CVE-2022-39229
2022-10-13 23:15:10
cgr
cgr
CVE-2022-31123 vulnerabilities
2024-05-19 03:07:16
CVE-2022-39201 vulnerabilities
2024-05-19 03:07:16
CVE-2022-39229 vulnerabilities
2024-05-19 03:07:16
prion
prion
Design/Logic Flaw
2022-10-13 22:15:00
Authentication flaw
2022-10-13 23:15:00
Design/Logic Flaw
2022-10-13 23:15:00
cnvd
cnvd
Grafana Denial of Service Vulnerability
2022-10-14 00:00:00
oraclelinux
oraclelinux
grafana security and enhancement update
2023-11-11 00:00:00
grafana security update
2023-05-24 00:00:00
grafana security and enhancement update
2023-05-15 00:00:00
redhat
redhat
(RHSA-2023:6420) Moderate: grafana security and enhancement update
2023-11-07 06:05:17
(RHSA-2023:2784) Moderate: grafana security update
2023-05-16 05:54:36
(RHSA-2023:2167) Moderate: grafana security and enhancement update
2023-05-09 05:02:10
almalinux
almalinux
Moderate: grafana security and enhancement update
2023-11-07 00:00:00
Moderate: grafana security update
2023-05-16 00:00:00
Moderate: grafana security and enhancement update
2023-05-09 00:00:00
redos
redos
ROS-20240404-01
2024-04-04 00:00:00
wallarmlab
wallarmlab
Q4-2022 API ThreatStatsβ„’ Report
2023-02-22 16:02:55
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON
Related for 4E60D660-6298-11ED-9CA2-6C3BE5272ACD
freebsd3osv24nessus17openvas6altlinux1veracode4alpinelinux4ibm5github4cvelist4redhatcve4nvd4ubuntucve4cve4cgr4prion4cnvd1oraclelinux3redhat6almalinux3redos1wallarmlab1oracle1