Headline
RHSA-2022:5719: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-31107: grafana: OAuth account takeover
Synopsis
Important: grafana security update
Type/Severity
Security Advisory: Important
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
- grafana: OAuth account takeover (CVE-2022-31107)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2104367 - CVE-2022-31107 grafana: OAuth account takeover
SRPM (all affected products)
grafana-6.3.6-5.el8_2.src.rpm
x86_64
grafana-6.3.6-5.el8_2.x86_64.rpm
grafana-azure-monitor-6.3.6-5.el8_2.x86_64.rpm
grafana-cloudwatch-6.3.6-5.el8_2.x86_64.rpm
grafana-debuginfo-6.3.6-5.el8_2.x86_64.rpm
grafana-elasticsearch-6.3.6-5.el8_2.x86_64.rpm
grafana-graphite-6.3.6-5.el8_2.x86_64.rpm
grafana-influxdb-6.3.6-5.el8_2.x86_64.rpm
grafana-loki-6.3.6-5.el8_2.x86_64.rpm
grafana-mssql-6.3.6-5.el8_2.x86_64.rpm
grafana-mysql-6.3.6-5.el8_2.x86_64.rpm
grafana-opentsdb-6.3.6-5.el8_2.x86_64.rpm
grafana-postgres-6.3.6-5.el8_2.x86_64.rpm
grafana-prometheus-6.3.6-5.el8_2.x86_64.rpm
grafana-stackdriver-6.3.6-5.el8_2.x86_64.rpm
s390x
grafana-6.3.6-5.el8_2.s390x.rpm
grafana-azure-monitor-6.3.6-5.el8_2.s390x.rpm
grafana-cloudwatch-6.3.6-5.el8_2.s390x.rpm
grafana-debuginfo-6.3.6-5.el8_2.s390x.rpm
grafana-elasticsearch-6.3.6-5.el8_2.s390x.rpm
grafana-graphite-6.3.6-5.el8_2.s390x.rpm
grafana-influxdb-6.3.6-5.el8_2.s390x.rpm
grafana-loki-6.3.6-5.el8_2.s390x.rpm
grafana-mssql-6.3.6-5.el8_2.s390x.rpm
grafana-mysql-6.3.6-5.el8_2.s390x.rpm
grafana-opentsdb-6.3.6-5.el8_2.s390x.rpm
grafana-postgres-6.3.6-5.el8_2.s390x.rpm
grafana-prometheus-6.3.6-5.el8_2.s390x.rpm
grafana-stackdriver-6.3.6-5.el8_2.s390x.rpm
ppc64le
grafana-6.3.6-5.el8_2.ppc64le.rpm
grafana-azure-monitor-6.3.6-5.el8_2.ppc64le.rpm
grafana-cloudwatch-6.3.6-5.el8_2.ppc64le.rpm
grafana-debuginfo-6.3.6-5.el8_2.ppc64le.rpm
grafana-elasticsearch-6.3.6-5.el8_2.ppc64le.rpm
grafana-graphite-6.3.6-5.el8_2.ppc64le.rpm
grafana-influxdb-6.3.6-5.el8_2.ppc64le.rpm
grafana-loki-6.3.6-5.el8_2.ppc64le.rpm
grafana-mssql-6.3.6-5.el8_2.ppc64le.rpm
grafana-mysql-6.3.6-5.el8_2.ppc64le.rpm
grafana-opentsdb-6.3.6-5.el8_2.ppc64le.rpm
grafana-postgres-6.3.6-5.el8_2.ppc64le.rpm
grafana-prometheus-6.3.6-5.el8_2.ppc64le.rpm
grafana-stackdriver-6.3.6-5.el8_2.ppc64le.rpm
aarch64
grafana-6.3.6-5.el8_2.aarch64.rpm
grafana-azure-monitor-6.3.6-5.el8_2.aarch64.rpm
grafana-cloudwatch-6.3.6-5.el8_2.aarch64.rpm
grafana-debuginfo-6.3.6-5.el8_2.aarch64.rpm
grafana-elasticsearch-6.3.6-5.el8_2.aarch64.rpm
grafana-graphite-6.3.6-5.el8_2.aarch64.rpm
grafana-influxdb-6.3.6-5.el8_2.aarch64.rpm
grafana-loki-6.3.6-5.el8_2.aarch64.rpm
grafana-mssql-6.3.6-5.el8_2.aarch64.rpm
grafana-mysql-6.3.6-5.el8_2.aarch64.rpm
grafana-opentsdb-6.3.6-5.el8_2.aarch64.rpm
grafana-postgres-6.3.6-5.el8_2.aarch64.rpm
grafana-prometheus-6.3.6-5.el8_2.aarch64.rpm
grafana-stackdriver-6.3.6-5.el8_2.aarch64.rpm
Related news
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an OAuth takeover vulnerability in Grafana.
Release v.9.0.3, containing this security fix and other patches:
- [Download Grafana 9.0.3](https://grafana.com/grafana/download/9.0.3)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/)
Release v.8.5.9, containing this security fix and other fixes:
- [Download Grafana 8.5.9](https://grafana.com/grafana/download/8.5.9)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/)
Release v.8.4.10, containing this security fix and other fixes:
- [Download Grafana 8.4.10](https://grafana.com/grafana/download/8.4.10)
- [Release notes](https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/)
Release v.8.3.10, containing this security fix and other fixes:
- [Download Grafana 8.3.10](https://grafana.com/grafana/download/8.3.10)
#...
Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...
Red Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-216...
Red Hat Security Advisory 2022-6283-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Red Hat OpenShift Service Mesh 2.2.2 Containers Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: golang: encoding/gob: stack...
Red Hat Security Advisory 2022-5718-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31107: grafana: OAuth account takeover
Open source analytics platform fixes bug that could lead to authentication bypass, privilege escalation
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will...
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.