FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fdbe9aec-118b-11ee-908a-6c3be5272acd	Grafana -- Account takeover / authentication bypass Grafana Labs reports: Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application. The CVSS score for this vulnerability is 9.4 Critical. Discovery 2023-06-22 Entry 2023-06-23 grafana ge 6.7.0 lt 8.5.27 ge 9.0.0 lt 9.2.20 ge 9.3.0 lt 9.3.16 ge 9.4.0 lt 9.4.13 ge 9.5.0 lt 9.5.5 ge 10.0.0 lt 10.0.1 grafana8 < 8.5.27 grafana9 < 9.2.20 ge 9.3.0 lt 9.3.16 ge 9.4.0 lt 9.4.13 ge 9.5.0 lt 9.5.5 grafana10 < 10.0.1 CVE-2023-3128 https://grafana.com/security/security-advisories/cve-2023-3128

VuXML ID

Description

fdbe9aec-118b-11ee-908a-6c3be5272acd

Grafana -- Account takeover / authentication bypass

Grafana Labs reports:

Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.

The CVSS score for this vulnerability is 9.4 Critical.

Discovery 2023-06-22
Entry 2023-06-23
grafana

ge 6.7.0 lt 8.5.27

ge 9.0.0 lt 9.2.20

ge 9.3.0 lt 9.3.16

ge 9.4.0 lt 9.4.13

ge 9.5.0 lt 9.5.5

ge 10.0.0 lt 10.0.1

grafana8

< 8.5.27

grafana9

< 9.2.20

ge 9.3.0 lt 9.3.16

ge 9.4.0 lt 9.4.13

ge 9.5.0 lt 9.5.5

grafana10

< 10.0.1

CVE-2023-3128
https://grafana.com/security/security-advisories/cve-2023-3128