FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-20 04:36:57 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: ee046f5d-37a8-11f0-baaa-6c3be5272acd
Description: Grafana -- User deletion issue

Grafana Labs reports:

On April 15, we discovered a vulnerability that stems from the user deletion logic associated with organization administrators. An organization admin could remove any user from the specific organization they manage. Additionally, they have the power to delete users entirely from the system if they have no other org membership. This leads to two situations:

  1. They can delete a server admin if the organization the Organization Admin manages is the server admin’s final organizational membership.
  2. They can delete any user (regardless of whether they are a server admin or not) if that user currently belongs to no organizations.

These two situations allow an organization manager to disrupt instance-wide activity by continually deleting server administrators if there is only one organization or if the server administrators are not part of any organization.

The CVSS score for this vulnerability is 5.5 Medium.


Discovery: 2025-04-15
Entry: 2025-05-23

Affected packages:

grafana
  >= 5.4.0, < 10.4.18+security-01
  >= 11.0.0, < 11.2.9+security-01
  >= 11.3.0, < 11.3.6+security-01
  >= 11.4.0, < 11.4.4+security-01
  >= 11.5.0, < 11.5.4+security-01
  >= 11.6.0, < 11.6.1+security-01
  >= 12.0.0, < 12.0.0+security-01

grafana8
  >= 8.0.0

grafana9
  >= 9.0.0

CVE-2025-3580
https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/