RHSA-2022:5719: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-31107: grafana: OAuth account takeover
Red Hat Security Data

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • grafana: OAuth account takeover (CVE-2022-31107)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2104367 - CVE-2022-31107 grafana: OAuth account takeover

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM

grafana-6.3.6-5.el8_2.src.rpm

Related news

GHSA-mx47-6497-3fv2: Grafana account takeover via OAuth vulnerability

Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an OAuth takeover vulnerability in Grafana.

Release v.9.0.3, containing this security fix and other patches:
- [Download Grafana 9.0.3](https://grafana.com/grafana/download/9.0.3)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/)

Release v.8.5.9, containing this security fix and other fixes:
- [Download Grafana 8.5.9](https://grafana.com/grafana/download/8.5.9)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/)

Release v.8.4.10, containing this security fix and other fixes:
- [Download Grafana 8.4.10](https://grafana.com/grafana/download/8.4.10)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/)

Release v.8.3.10, containing this security fix and other fixes:
- [Download Grafana 8.3.10](https://grafana.com/grafana/download/8.3.10) #...

Red Hat Security Advisory 2023-3642-01

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

RHSA-2023:3642: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...

Red Hat Security Advisory 2022-8057-01

Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

RHSA-2022:8057: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-216...

Red Hat Security Advisory 2022-6283-01

Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.

RHSA-2022:6283: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.2 Containers security update

Red Hat OpenShift Service Mesh 2.2.2 Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...

Red Hat Security Advisory 2022-5718-01

Red Hat Security Advisory 2022-5718-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Red Hat Security Advisory 2022-5719-01

Red Hat Security Advisory 2022-5719-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

RHSA-2022:5717: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31107: grafana: OAuth account takeover

RHSA-2022:5718: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31107: grafana: OAuth account takeover

RHSA-2022:5716: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31107: grafana: OAuth account takeover

RHSA-2022:5720: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31107: grafana: OAuth account takeover

Grafana patches vulnerability that could lead to admin account takeover

Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation

CVE-2022-31107: Release notes for Grafana 8.4.10

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will...

CVE-2020-11110: grafana/CHANGELOG.md at main · grafana/grafana

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.