FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| db895ed0-6298-11ed-9ca2-6c3be5272acd | Grafana -- Privilege escalation
Grafana Labs reports:
Internal security audit identified a race condition in the Grafana codebase,
which allowed an unauthenticated user to query an arbitrary endpoint in Grafana.
A race condition in the
HTTP context creation could make a HTTP request being assigned
the authentication/authorization middlewares of another call. Under heavy load
it is possible that a call protected by a privileged middleware receives instead
the middleware of a public query. As a result, an unauthenticated user can
successfully query protected endpoints.
The CVSS score for this vulnerability is 9.8 Critical
Discovery 2022-11-08
Entry 2022-11-12
grafana
ge 9.2.0 lt 9.2.4
grafana9
ge 9.2.0 lt 9.2.4
CVE-2022-39328
https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch
|