FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-10-18 08:39:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fdbe9aec-118b-11ee-908a-6c3be5272acdGrafana -- Account takeover / authentication bypass

Grafana Labs reports:

Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.

The CVSS score for this vulnerability is 9.4 Critical.


Discovery 2023-06-22
Entry 2023-06-23
grafana
>= 6.7.0 lt 8.5.27

>= 9.0.0 lt 9.2.20

>= 9.3.0 lt 9.3.16

>= 9.4.0 lt 9.4.13

>= 9.5.0 lt 9.5.5

>= 10.0.0 lt 10.0.1

grafana8
< 8.5.27

grafana9
< 9.2.20

>= 9.3.0 lt 9.3.16

>= 9.4.0 lt 9.4.13

>= 9.5.0 lt 9.5.5

grafana10
< 10.0.1

CVE-2023-3128
https://grafana.com/security/security-advisories/cve-2023-3128
6c1de144-056f-11ee-8e16-6c3be5272acdGrafana -- Broken access control: viewer can send test alerts

Grafana Labs reports:

Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role.

The CVSS score for this vulnerability is 4.1 Medium (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N).


Discovery 2023-06-06
Entry 2023-06-07
grafana
>= 8.0.0 lt 8.5.26

>= 9.0.0 lt 9.2.19

>= 9.3.0 lt 9.3.15

>= 9.4.0 lt 9.4.12

>= 9.5.0 lt 9.5.3

grafana8
>= 8.0.0 lt 8.5.26

grafana9
< 9.2.19

>= 9.3.0 lt 9.3.15

>= 9.4.0 lt 9.4.12

>= 9.5.0 lt 9.5.3

CVE-2023-2183
https://grafana.com/security/security-advisories/cve-2023-2183/