Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/grafana@9.2.10-7?arch=el9_3

Type rpm

Namespace redhat

Name grafana

Version 9.2.10-7

Qualifiers

arch	el9_3

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-48yx-mkmv-g7bu

vulnerability_id

VCID-48yx-mkmv-g7bu

summary

Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306.

We are also releasing security patches for Grafana 8.5.15 to fix these issues.

Release 9.2.4, latest patch, also containing security fix:

- [Download Grafana 9.2.4](https://grafana.com/grafana/download/9.2.4)

Release 8.5.15, only containing security fix:

- [Download Grafana 8.5.15](https://grafana.com/grafana/download/8.5.15)

Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana and Azure Managed Grafana as a service offering.

## Privilege escalation

### Summary

Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization.
When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization.
The CVSS score for this vulnerability is [6.4 Moderate](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N&version=3.1)

### Impact

Vulnerability makes it possible to use the invitation link to sign up with an arbitrary username/email with a malicious intent.

### Impacted versions

All installations for Grafana versions Grafana <=9.x, <8.x

### Solutions and mitigations

To fully address CVE-2022-39306, please upgrade your Grafana instances.
Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud).

## Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

## Security announcements

We maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39306.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39306.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39306

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.58653
published_at	2026-04-08T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58658
published_at	2026-04-12T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58677
published_at	2026-04-11T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58659
published_at	2026-04-09T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5867
published_at	2026-04-16T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58638
published_at	2026-04-13T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61685
published_at	2026-04-21T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61701
published_at	2026-04-18T12:55:00Z

value	0.00415
scoring_system	epss
scoring_elements	0.61678
published_at	2026-04-24T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65621
published_at	2026-04-02T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.6565
published_at	2026-04-04T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65616
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39306

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:04Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-39306

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-39306

reference_url

https://security.netapp.com/advisory/ntap-20221215-0004

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221215-0004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2138014
reference_id	2138014
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2138014

reference_url

https://security.netapp.com/advisory/ntap-20221215-0004/

reference_id

ntap-20221215-0004

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:04Z/

url

https://security.netapp.com/advisory/ntap-20221215-0004/

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-39306, GHSA-2x6g-h2hg-rq84

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-48yx-mkmv-g7bu

url

VCID-4ufj-v5z1-huec

vulnerability_id

VCID-4ufj-v5z1-huec

summary

Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24534.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24534.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-24534

reference_id

reference_type

scores

value	0.00119
scoring_system	epss
scoring_elements	0.30864
published_at	2026-04-16T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30809
published_at	2026-04-21T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30844
published_at	2026-04-18T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.3083
published_at	2026-04-07T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30888
published_at	2026-04-08T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30918
published_at	2026-04-09T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30921
published_at	2026-04-11T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30878
published_at	2026-04-12T12:55:00Z

value	0.00119
scoring_system	epss
scoring_elements	0.30833
published_at	2026-04-13T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33636
published_at	2026-04-02T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33669
published_at	2026-04-04T12:55:00Z

value	0.00162
scoring_system	epss
scoring_elements	0.36812
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-24534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2184483
reference_id	2184483
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2184483

reference_url

https://go.dev/cl/481994

reference_id

481994

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:14:51Z/

url

https://go.dev/cl/481994

reference_url

https://go.dev/issue/58975

reference_id

58975

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:14:51Z/

url

https://go.dev/issue/58975

reference_url

https://pkg.go.dev/vuln/GO-2023-1704

reference_id

GO-2023-1704

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:14:51Z/

url

https://pkg.go.dev/vuln/GO-2023-1704

reference_url

https://security.netapp.com/advisory/ntap-20230526-0007/

reference_id

ntap-20230526-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:14:51Z/

url

https://security.netapp.com/advisory/ntap-20230526-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:3167
reference_id	RHSA-2023:3167
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3167

reference_url	https://access.redhat.com/errata/RHSA-2023:3318
reference_id	RHSA-2023:3318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3318

reference_url	https://access.redhat.com/errata/RHSA-2023:3319
reference_id	RHSA-2023:3319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3319

reference_url	https://access.redhat.com/errata/RHSA-2023:3366
reference_id	RHSA-2023:3366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3366

reference_url	https://access.redhat.com/errata/RHSA-2023:3367
reference_id	RHSA-2023:3367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3367

reference_url	https://access.redhat.com/errata/RHSA-2023:3445
reference_id	RHSA-2023:3445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3445

reference_url	https://access.redhat.com/errata/RHSA-2023:3450
reference_id	RHSA-2023:3450
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3450

reference_url	https://access.redhat.com/errata/RHSA-2023:3455
reference_id	RHSA-2023:3455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3455

reference_url	https://access.redhat.com/errata/RHSA-2023:3536
reference_id	RHSA-2023:3536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3536

reference_url	https://access.redhat.com/errata/RHSA-2023:3540
reference_id	RHSA-2023:3540
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3540

reference_url	https://access.redhat.com/errata/RHSA-2023:3612
reference_id	RHSA-2023:3612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3612

reference_url	https://access.redhat.com/errata/RHSA-2023:3624
reference_id	RHSA-2023:3624
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3624

reference_url	https://access.redhat.com/errata/RHSA-2023:3918
reference_id	RHSA-2023:3918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3918

reference_url	https://access.redhat.com/errata/RHSA-2023:3943
reference_id	RHSA-2023:3943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3943

reference_url	https://access.redhat.com/errata/RHSA-2023:4003
reference_id	RHSA-2023:4003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4003

reference_url	https://access.redhat.com/errata/RHSA-2023:4335
reference_id	RHSA-2023:4335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4335

reference_url	https://access.redhat.com/errata/RHSA-2023:4459
reference_id	RHSA-2023:4459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4459

reference_url	https://access.redhat.com/errata/RHSA-2023:4470
reference_id	RHSA-2023:4470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4470

reference_url	https://access.redhat.com/errata/RHSA-2023:4627
reference_id	RHSA-2023:4627
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4627

reference_url	https://access.redhat.com/errata/RHSA-2023:4657
reference_id	RHSA-2023:4657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4657

reference_url	https://access.redhat.com/errata/RHSA-2023:4664
reference_id	RHSA-2023:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4664

reference_url	https://access.redhat.com/errata/RHSA-2023:5964
reference_id	RHSA-2023:5964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5964

reference_url	https://access.redhat.com/errata/RHSA-2023:5976
reference_id	RHSA-2023:5976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5976

reference_url	https://access.redhat.com/errata/RHSA-2023:6346
reference_id	RHSA-2023:6346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6346

reference_url	https://access.redhat.com/errata/RHSA-2023:6363
reference_id	RHSA-2023:6363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6363

reference_url	https://access.redhat.com/errata/RHSA-2023:6402
reference_id	RHSA-2023:6402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6402

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

reference_url	https://access.redhat.com/errata/RHSA-2023:6473
reference_id	RHSA-2023:6473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6473

reference_url	https://access.redhat.com/errata/RHSA-2023:6474
reference_id	RHSA-2023:6474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6474

reference_url	https://access.redhat.com/errata/RHSA-2023:6832
reference_id	RHSA-2023:6832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6832

reference_url	https://access.redhat.com/errata/RHSA-2023:6938
reference_id	RHSA-2023:6938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6938

reference_url	https://access.redhat.com/errata/RHSA-2023:6939
reference_id	RHSA-2023:6939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6939

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

reference_url	https://usn.ubuntu.com/6140-1/
reference_id	USN-6140-1
reference_type
scores
url	https://usn.ubuntu.com/6140-1/

reference_url

https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

reference_id

Xdv6JL9ENs8

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T17:14:51Z/

url

https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

fixed_packages

aliases

CVE-2023-24534

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4ufj-v5z1-huec

url

VCID-5kkq-5jpf-fqev

vulnerability_id

VCID-5kkq-5jpf-fqev

summary

Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41717.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41717.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41717

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.55979
published_at	2026-04-24T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56052
published_at	2026-04-21T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56079
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56076
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56041
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56058
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56078
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56067
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56064
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56013
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56034
published_at	2026-04-04T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56014
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41717

reference_url

https://cs.opensource.google/go/x/net

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cs.opensource.google/go/x/net

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/455635

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/455635

reference_url

https://go.dev/cl/455717

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/455717

reference_url

https://go.dev/issue/56350

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issue/56350

reference_url

https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41717

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41717

reference_url

https://pkg.go.dev/vuln/GO-2022-1144

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-1144

reference_url

https://security.gentoo.org/glsa/202311-09

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202311-09

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161274
reference_id	2161274
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161274

reference_url	https://security.gentoo.org/glsa/202409-28
reference_id	GLSA-202409-28
reference_type
scores
url	https://security.gentoo.org/glsa/202409-28

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

reference_url	https://access.redhat.com/errata/RHSA-2023:0328
reference_id	RHSA-2023:0328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0328

reference_url	https://access.redhat.com/errata/RHSA-2023:0446
reference_id	RHSA-2023:0446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0446

reference_url	https://access.redhat.com/errata/RHSA-2023:0584
reference_id	RHSA-2023:0584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0584

reference_url	https://access.redhat.com/errata/RHSA-2023:0632
reference_id	RHSA-2023:0632
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0632

reference_url	https://access.redhat.com/errata/RHSA-2023:0692
reference_id	RHSA-2023:0692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0692

reference_url	https://access.redhat.com/errata/RHSA-2023:0693
reference_id	RHSA-2023:0693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0693

reference_url	https://access.redhat.com/errata/RHSA-2023:0728
reference_id	RHSA-2023:0728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0728

reference_url	https://access.redhat.com/errata/RHSA-2023:0769
reference_id	RHSA-2023:0769
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0769

reference_url	https://access.redhat.com/errata/RHSA-2023:0774
reference_id	RHSA-2023:0774
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0774

reference_url	https://access.redhat.com/errata/RHSA-2023:0899
reference_id	RHSA-2023:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0899

reference_url	https://access.redhat.com/errata/RHSA-2023:0918
reference_id	RHSA-2023:0918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0918

reference_url	https://access.redhat.com/errata/RHSA-2023:0930
reference_id	RHSA-2023:0930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0930

reference_url	https://access.redhat.com/errata/RHSA-2023:0931
reference_id	RHSA-2023:0931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0931

reference_url	https://access.redhat.com/errata/RHSA-2023:0932
reference_id	RHSA-2023:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0932

reference_url	https://access.redhat.com/errata/RHSA-2023:0934
reference_id	RHSA-2023:0934
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0934

reference_url	https://access.redhat.com/errata/RHSA-2023:1030
reference_id	RHSA-2023:1030
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1030

reference_url	https://access.redhat.com/errata/RHSA-2023:1079
reference_id	RHSA-2023:1079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1079

reference_url	https://access.redhat.com/errata/RHSA-2023:1154
reference_id	RHSA-2023:1154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1154

reference_url	https://access.redhat.com/errata/RHSA-2023:1174
reference_id	RHSA-2023:1174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1174

reference_url	https://access.redhat.com/errata/RHSA-2023:1179
reference_id	RHSA-2023:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1179

reference_url	https://access.redhat.com/errata/RHSA-2023:1181
reference_id	RHSA-2023:1181
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1181

reference_url	https://access.redhat.com/errata/RHSA-2023:1268
reference_id	RHSA-2023:1268
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1268

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:1276
reference_id	RHSA-2023:1276
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1276

reference_url	https://access.redhat.com/errata/RHSA-2023:1310
reference_id	RHSA-2023:1310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1310

reference_url	https://access.redhat.com/errata/RHSA-2023:1325
reference_id	RHSA-2023:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1325

reference_url	https://access.redhat.com/errata/RHSA-2023:1326
reference_id	RHSA-2023:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1326

reference_url	https://access.redhat.com/errata/RHSA-2023:1327
reference_id	RHSA-2023:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1327

reference_url	https://access.redhat.com/errata/RHSA-2023:1328
reference_id	RHSA-2023:1328
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1328

reference_url	https://access.redhat.com/errata/RHSA-2023:1329
reference_id	RHSA-2023:1329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1329

reference_url	https://access.redhat.com/errata/RHSA-2023:1372
reference_id	RHSA-2023:1372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1372

reference_url	https://access.redhat.com/errata/RHSA-2023:1448
reference_id	RHSA-2023:1448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1448

reference_url	https://access.redhat.com/errata/RHSA-2023:1529
reference_id	RHSA-2023:1529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1529

reference_url	https://access.redhat.com/errata/RHSA-2023:1816
reference_id	RHSA-2023:1816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1816

reference_url	https://access.redhat.com/errata/RHSA-2023:1817
reference_id	RHSA-2023:1817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1817

reference_url	https://access.redhat.com/errata/RHSA-2023:2204
reference_id	RHSA-2023:2204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2204

reference_url	https://access.redhat.com/errata/RHSA-2023:2222
reference_id	RHSA-2023:2222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2222

reference_url	https://access.redhat.com/errata/RHSA-2023:2236
reference_id	RHSA-2023:2236
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2236

reference_url	https://access.redhat.com/errata/RHSA-2023:2253
reference_id	RHSA-2023:2253
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2253

reference_url	https://access.redhat.com/errata/RHSA-2023:2282
reference_id	RHSA-2023:2282
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2282

reference_url	https://access.redhat.com/errata/RHSA-2023:2283
reference_id	RHSA-2023:2283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2283

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2367
reference_id	RHSA-2023:2367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2367

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2780
reference_id	RHSA-2023:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2780

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:2866
reference_id	RHSA-2023:2866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2866

reference_url	https://access.redhat.com/errata/RHSA-2023:3204
reference_id	RHSA-2023:3204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3204

reference_url	https://access.redhat.com/errata/RHSA-2023:3205
reference_id	RHSA-2023:3205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3205

reference_url	https://access.redhat.com/errata/RHSA-2023:3612
reference_id	RHSA-2023:3612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3612

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

reference_url	https://access.redhat.com/errata/RHSA-2023:3910
reference_id	RHSA-2023:3910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3910

reference_url	https://access.redhat.com/errata/RHSA-2023:3914
reference_id	RHSA-2023:3914
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3914

reference_url	https://access.redhat.com/errata/RHSA-2023:4090
reference_id	RHSA-2023:4090
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4090

reference_url	https://access.redhat.com/errata/RHSA-2023:4091
reference_id	RHSA-2023:4091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4091

reference_url	https://access.redhat.com/errata/RHSA-2023:4470
reference_id	RHSA-2023:4470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4470

reference_url	https://access.redhat.com/errata/RHSA-2023:5982
reference_id	RHSA-2023:5982
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5982

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://access.redhat.com/errata/RHSA-2024:0746
reference_id	RHSA-2024:0746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0746

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-41717, GHSA-xrjj-mj9h-534m

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5kkq-5jpf-fqev

url

VCID-assu-2cry-hqcg

vulnerability_id

VCID-assu-2cry-hqcg

summary

Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123

We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues.

Release 9.2, latest release, also containing security fix:

- [Download Grafana 9.2](https://grafana.com/grafana/download/9.2)

Release 9.1.8, only containing security fix:

- [Download Grafana 9.1.8](https://grafana.com/grafana/download/9.1.8)

Release 8.5.14, only containing security fix:

- [Download Grafana 8.5.14](https://grafana.com/grafana/download/8.5.14)

Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana and Azure's Grafana as a service offering.

## CVE-2022-31123

### Summary
On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw.

We believe that this vulnerability is rated at CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L). 

### Impact
An attacker can convince a server admin to download and successfully run a malicious plugin even though [unsigned plugins](https://grafana.com/docs/grafana/latest/administration/plugin-management/#allow-unsigned-plugins) are not allowed.

### Impacted versions

All installations for Grafana versions <=9.x, <=8.x, <=7.x

### Solutions and mitigations

To fully address CVE-2022-31123 please upgrade your Grafana instances. 
Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud).

### Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

We maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31123.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31123.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31123

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01216
published_at	2026-04-24T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01212
published_at	2026-04-21T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01143
published_at	2026-04-18T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01131
published_at	2026-04-16T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01141
published_at	2026-04-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0114
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01146
published_at	2026-04-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01161
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.0116
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01493
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01487
published_at	2026-04-04T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01485
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31123

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:01Z/

url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:01Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31123

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31123

reference_url

https://security.netapp.com/advisory/ntap-20221124-0002

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221124-0002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2131147
reference_id	2131147
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2131147

reference_url

https://security.netapp.com/advisory/ntap-20221124-0002/

reference_id

ntap-20221124-0002

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:01Z/

url

https://security.netapp.com/advisory/ntap-20221124-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-31123, GHSA-rhxj-gh46-jvw8

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-assu-2cry-hqcg

url

VCID-fvta-uqdk-37fd

vulnerability_id

VCID-fvta-uqdk-37fd

summary

Grafana User enumeration via forget password
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate security fixes for CVE-2022-39307.

We are also releasing security patches for Grafana 8.5.15 to fix these issues.

Release 9.2.4, latest patch, also containing security fix:

- [Download Grafana 9.2.4](https://grafana.com/grafana/download/9.2.4)

Release 8.5.15, only containing security fix:

- [Download Grafana 8.5.15](https://grafana.com/grafana/download/8.5.15)

## Username enumeration

### Summary

When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message.

The CVSS score for this vulnerability is [5.3 Moderate](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&version=3.1)

### Impact

The impacted endpoint leaks information to unauthenticated users and introduces a security risk.

### Impacted versions

All installations for Grafana versions Grafana <=9.x, <8.x

### Solutions and mitigations

To fully address CVE-2022-39307, please upgrade your Grafana instances.
Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud).

## Reporting security issues

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

## Security announcements

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39307.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39307.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39307

reference_id

reference_type

scores

value	0.00194
scoring_system	epss
scoring_elements	0.4136
published_at	2026-04-16T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41317
published_at	2026-04-13T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.4133
published_at	2026-04-12T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41362
published_at	2026-04-11T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41341
published_at	2026-04-09T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41334
published_at	2026-04-08T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41284
published_at	2026-04-07T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41356
published_at	2026-04-04T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41328
published_at	2026-04-02T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44459
published_at	2026-04-24T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44612
published_at	2026-04-18T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44543
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39307

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:00Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-39307

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-39307

reference_url

https://security.netapp.com/advisory/ntap-20221215-0004

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221215-0004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2138015
reference_id	2138015
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2138015

reference_url

https://security.netapp.com/advisory/ntap-20221215-0004/

reference_id

ntap-20221215-0004

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:00Z/

url

https://security.netapp.com/advisory/ntap-20221215-0004/

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-39307, GHSA-3p62-42x7-gxg5

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fvta-uqdk-37fd

url

VCID-jgdy-pgdk-pyhb

vulnerability_id

VCID-jgdy-pgdk-pyhb

summary

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130

We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues.

Release 9.2, latest release, also containing security fix:

- [Download Grafana 9.2](https://grafana.com/grafana/download/9.2)

Release 9.1.8, only containing security fix:

- [Download Grafana 9.1.8](https://grafana.com/grafana/download/9.1.8)

Release 8.5.14, only containing security fix:

- [Download Grafana 8.5.14](https://grafana.com/grafana/download/8.5.14)

## CVE-2022-31130

### Summary
On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens but under some conditions.

We believe that this vulnerability is rated at CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

### Impact
The destination plugin could receive a Grafana authentication token of the user.

### Impacted versions

All installations for Grafana versions <=9.x, <=8.x, <=7.x

### Solutions and mitigations

To fully address CVE-2022-31130 please upgrade your Grafana instances.
Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud).

As a workaround do not use API keys, JWT authentication or any HTTP Header based authentication.

### Reporting security issues

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31130.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31130

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47561
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47612
published_at	2026-04-04T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47591
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59379
published_at	2026-04-24T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59386
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59399
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59418
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59401
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59383
published_at	2026-04-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59415
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59422
published_at	2026-04-18T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59404
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:56:27Z/

url

https://github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177

reference_url

https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:56:27Z/

url

https://github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f

reference_url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:56:27Z/

url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:56:27Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31130

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31130

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2131146
reference_id	2131146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2131146

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-31130, GHSA-jv32-5578-pxjc

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jgdy-pgdk-pyhb

url

VCID-n4bf-cm4s-ayew

vulnerability_id

VCID-n4bf-cm4s-ayew

summary

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201

We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues.

Release 9.2, latest release, also containing security fix:

- [Download Grafana 9.2](https://grafana.com/grafana/download/9.2)

Release 9.1.8, only containing security fix:

- [Download Grafana 9.1.8](https://grafana.com/grafana/download/9.1.8)

Release 8.5.14, only containing security fix:

- [Download Grafana 8.5.14](https://grafana.com/grafana/download/8.5.14)

## CVE-2022-39201

### Summary
On September 7th as a result of an internal security audit we have discovered that Grafana could leak the authentication cookie of users to plugins. After further analysis the vulnerability impacts data source and plugin proxy endpoints under certain conditions.

We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

### Impact
The destination plugin could receive a Grafana authentication cookie of the user.

### Impacted versions

All installations for Grafana versions >= v5.0.0-beta1

### Solutions and mitigations

To fully address CVE-2022-39201 please upgrade your Grafana instances.
Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud).

### Reporting security issues

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39201.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39201.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39201

reference_id

reference_type

scores

value	0.00588
scoring_system	epss
scoring_elements	0.69081
published_at	2026-04-07T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.691
published_at	2026-04-04T12:55:00Z

value	0.00588
scoring_system	epss
scoring_elements	0.69079
published_at	2026-04-02T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75669
published_at	2026-04-16T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75637
published_at	2026-04-12T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75631
published_at	2026-04-13T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75621
published_at	2026-04-08T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75656
published_at	2026-04-11T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75697
published_at	2026-04-24T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75658
published_at	2026-04-21T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75673
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39201

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:55Z/

url

https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57

reference_url

https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:55Z/

url

https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9

reference_url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:55Z/

url

https://github.com/grafana/grafana/releases/tag/v9.1.8

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:55Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-39201

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-39201

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2131148
reference_id	2131148
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2131148

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-39201, GHSA-x744-mm8v-vpgr

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-n4bf-cm4s-ayew

url

VCID-nhp5-mapc-6qc1

vulnerability_id

VCID-nhp5-mapc-6qc1

summary

grafana: persistent xss in grafana core plugins

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23552.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23552.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23552

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56945
published_at	2026-04-02T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56902
published_at	2026-04-24T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56967
published_at	2026-04-04T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56943
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56994
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56997
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57004
published_at	2026-04-11T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56984
published_at	2026-04-12T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5696
published_at	2026-04-13T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56989
published_at	2026-04-16T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56986
published_at	2026-04-18T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56963
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23552

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0

reference_id

1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:04:19Z/

url

https://github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2158420
reference_id	2158420
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2158420

reference_url

https://github.com/grafana/grafana/pull/62143

reference_id

62143

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:04:19Z/

url

https://github.com/grafana/grafana/pull/62143

reference_url

https://github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f

reference_id

8b574e22b53aa4c5a35032a58844fd4aaaa12f5f

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:04:19Z/

url

https://github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f

reference_url

https://github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a

reference_id

c022534e3848a5d45c0b3face23b43aa44e4400a

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:04:19Z/

url

https://github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv

reference_id

GHSA-8xmm-x63g-f6xv

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:04:19Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-23552

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-nhp5-mapc-6qc1

url

VCID-nm7f-bj7m-zybt

vulnerability_id

VCID-nm7f-bj7m-zybt

summary

Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient.
When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out:
• Snapshotname
• Expire
• Timeout(seconds)
After the user confirms creation of the snapshot (i.e. clicks the ”Local Snapshot” button) an HTTP POST request is sent to the Grafana server. The HTTP request contains additional parameters that are not visible in the web UI. The parameter originalUrl is not visible in the web UI, but sent in the HTTP POST request.

The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user that views the snapshot the possibility to click on the button in the Grafana web UI and be presented with the dashboard that the snapshot was made out of.

The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot (Note: by editing the query thanks to a web proxy like Burp)
When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The issue here is that the ”Open original dashboard” button no longer points to the to the real original dashboard but to the attacker’s (injected) URL.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39324.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39324.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39324

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30549
published_at	2026-04-07T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30738
published_at	2026-04-04T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30691
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36208
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36166
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36191
published_at	2026-04-12T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36223
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36205
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36228
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.35911
published_at	2026-04-24T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36141
published_at	2026-04-21T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36192
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39324

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/

url

https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a

reference_url

https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/

url

https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c

reference_url

https://github.com/grafana/grafana/pull/60232

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/

url

https://github.com/grafana/grafana/pull/60232

reference_url

https://github.com/grafana/grafana/pull/60256

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/

url

https://github.com/grafana/grafana/pull/60256

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:24Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-39324

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-39324

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2148252
reference_id	2148252
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2148252

reference_url	https://github.com/advisories/GHSA-4724-7jwc-3fpw
reference_id	GHSA-4724-7jwc-3fpw
reference_type
scores
url	https://github.com/advisories/GHSA-4724-7jwc-3fpw

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:6420
reference_id	RHSA-2023:6420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6420

fixed_packages

aliases

CVE-2022-39324, GHSA-4724-7jwc-3fpw

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-nm7f-bj7m-zybt

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@9.2.10-7%3Farch=el9_3

Package Instance