FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d4284c2e-8b83-11ec-b369-6c3be5272acd	Grafana -- CSRF Grafana Labs reports: On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). Discovery 2022-01-18 Entry 2022-02-12 grafana6 ge 6.0.0 grafana7 < 7.5.15 grafana8 < 8.3.5 CVE-2022-21703 https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
cecbc674-8b83-11ec-b369-6c3be5272acd	Grafana -- XSS Grafana Labs reports: On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). Discovery 2022-01-16 Entry 2022-02-12 grafana6 ge 6.0.0 grafana7 < 7.5.15 grafana8 < 8.3.5 CVE-2022-21702 https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
d71d154a-8b83-11ec-b369-6c3be5272acd	Grafana -- Teams API IDOR Grafana Labs reports: On Jan. 18, an external security researcher, KÃÂ¼rÃÂad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints: /teams/:teamId - an authenticated attacker can view unintended data by querying for the specific team ID. /teams/:search - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to. /teams/:teamId/members - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Discovery 2022-01-18 Entry 2022-02-12 grafana6 ge 6.0.0 grafana7 < 7.5.15 grafana8 < 8.3.5 CVE-2022-21713 https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

VuXML ID

Description

d4284c2e-8b83-11ec-b369-6c3be5272acd

Grafana -- CSRF

Grafana Labs reports:

On Jan. 18, security researchers @jub0bs and @abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

Discovery 2022-01-18
Entry 2022-02-12
grafana6

ge 6.0.0

grafana7

< 7.5.15

grafana8

< 8.3.5

CVE-2022-21703
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

cecbc674-8b83-11ec-b369-6c3be5272acd

Grafana -- XSS

Grafana Labs reports:

On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

Discovery 2022-01-16
Entry 2022-02-12
grafana6

ge 6.0.0

grafana7

< 7.5.15

grafana8

< 8.3.5

CVE-2022-21702
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

d71d154a-8b83-11ec-b369-6c3be5272acd

Grafana -- Teams API IDOR

Grafana Labs reports:

On Jan. 18, an external security researcher, KÃÂ¼rÃÂad ALSAN from NSPECT.IO (@nspectio on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:

/teams/:teamId - an authenticated attacker can view unintended data by querying for the specific team ID.

/teams/:search - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.

/teams/:teamId/members - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.

We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Discovery 2022-01-18
Entry 2022-02-12
grafana6

ge 6.0.0

grafana7

< 7.5.15

grafana8

< 8.3.5

CVE-2022-21713
https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/