FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-06 18:03:49 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
fdbe9aec-118b-11ee-908a-6c3be5272acd | Grafana -- Account takeover / authentication bypass

Grafana Labs reports:

Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.

The CVSS score for this vulnerability is 9.4 Critical.


Discovery: 2023-06-22
Entry: 2023-06-23

grafana
>= 6.7.0, < 8.5.27
>= 9.0.0, < 9.2.20
>= 9.3.0, < 9.3.16
>= 9.4.0, < 9.4.13
>= 9.5.0, < 9.5.5
>= 10.0.0, < 10.0.1

grafana8
< 8.5.27

grafana9
< 9.2.20
>= 9.3.0, < 9.3.16
>= 9.4.0, < 9.4.13
>= 9.5.0, < 9.5.5

grafana10
< 10.0.1

CVE-2023-3128
https://grafana.com/security/security-advisories/cve-2023-3128

310f5923-211c-11f0-8ca6-6c3be5272acd | Grafana -- Authorization bypass in data source proxy API

Grafana Labs reports:

This vulnerability, which was discovered while reviewing a pull request from an external contributor, affects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character (/) in the URL path. Among Grafana-maintained data sources, the vulnerability only affects the read paths of Prometheus (all flavors) and Alertmanager when configured with basic authorization.

The CVSS score for this vulnerability is 5.0 MEDIUM.


Discovery: 2025-03-25
Entry: 2025-04-24

grafana
>= 8.0.0, < 10.4.17+security-01
>= 11.0.0, < 11.2.8+security-01
>= 11.3.0, < 11.3.5+security-01
>= 11.4.0, < 11.4.3+security-01
>= 11.5.0, < 11.5.3+security-01
>= 11.6.0, < 11.6.0+security-01

grafana8
>= 8.0.0

grafana9
>= 9.0.0

CVE-2025-3454
https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/