FreeBSD Bugzilla – Attachment 236260 Details for Bug 266128: www/grafana{8,9}: Update to 8.5.11 and 9.1.2 (Fixes security vulnerability)
[patch] vuxml.diff
vuxml-grafana.diff (text/plain), 2.35 KB, created by Boris Korzun on 2022-08-31 11:13:46 UTC
>diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml >index d9e2e9a645fb..2120883a5a3f 100644 >--- a/security/vuxml/vuln-2022.xml >+++ b/security/vuxml/vuln-2022.xml 
>@@ -1,3 +1,48 @@ >+ <vuln vid="827b95ff-290e-11ed-a2e7-6c3be5272acd"> >+ <topic>Grafana -- Unauthorized file disclosure</topic> >+ <affects> >+ <package> >+ <name>grafana</name> >+ <range><ge>5.2.0</ge><lt>8.3.11</lt></range> >+ <range><ge>8.4.0</ge><lt>8.4.11</lt></range> >+ <range><ge>8.5.0</ge><lt>8.5.11</lt></range> >+ <range><ge>9.0.0</ge><lt>9.0.8</lt></range> >+ <range><ge>9.1.0</ge><lt>9.1.2</lt></range> >+ </package> >+ <package> >+ <name>grafana7</name> >+ <range><ge>7.0</ge></range> >+ </package> >+ <package> >+ <name>grafana8</name> >+ <range><ge>8.3.0</ge><lt>8.3.11</lt></range> >+ <range><ge>8.4.0</ge><lt>8.4.11</lt></range> >+ <range><ge>8.5.0</ge><lt>8.5.11</lt></range> >+ </package> >+ <package> >+ <name>grafana9</name> >+ <range><ge>9.0.0</ge><lt>9.0.8</lt></range> >+ <range><ge>9.1.0</ge><lt>9.1.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Grafana Labs reports:</p> >+ <blockquote cite="https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/"> >+ <p>On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the <a href="https://grafana.com/grafana/plugins/grafana-image-renderer/">Grafana Image Renderer plugin</a> when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for âprintingâ of unauthorized files in a PNG file. 
This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2022-31176</cvename> >+ <url>https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5</url> >+ </references> >+ <dates> >+ <discovery>2022-07-21</discovery> >+ <entry>2022-08-31</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="3110b29e-c82d-4287-9f6c-db82bb883b1e"> > <topic>zeek -- potential DoS vulnerabilities</topic> > <affects>
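Review bot: In the grafana8 package block the lowest range starts at <ge>8.3.0</ge>, while the grafana block in the same entry starts at <ge>5.2.0</ge> and runs up to <lt>8.3.11</lt>, so a grafana8 install of 8.0.x through 8.2.x is not flagged even though the same versions are treated as affected under the grafana name. Unless grafana8 never shipped anything below 8.3.0, lower the first grafana8 bound to 8.0.0 to match. The grafana7 range has only <ge>7.0</ge> and no <lt>, which marks every grafana7 version as vulnerable permanently; if that is intended because no fixed 7.x exists, state it in the bug, otherwise add the upper bound. The quoted advisory places the flaw in the Grafana Image Renderer plugin when HTTP remote rendering is used, but the topic and the affected packages name only grafana itself, so the topic line would be clearer if it mentioned the image renderer.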
Flags: eduardo: maintainer-approval+