Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/grafana@7.5.15-3?arch=el8

Type rpm

Namespace redhat

Name grafana

Version 7.5.15-3

Qualifiers

arch	el8

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-29pd-1pjc-kuds

vulnerability_id

VCID-29pd-1pjc-kuds

summary

Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana.

Release v.8.3.5, only containing security fixes:

- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)

Release v.7.5.15, only containing security fixes:

- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)

## XSS ([CVE-2022-21702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702))

### Summary

On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources.

An attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance.

We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).  

### Impact

Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.

### Affected versions with MEDIUM severity 

To be impacted, all of the following must be applicable:

**For data source proxy**:
 - A Grafana instance running version v2.0.0-beta1 up to v8.3.4.
 - A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set.
 - Attacker to be in control of the HTTP server serving the URL of above data source.
 - A specially crafted link pointing at http://host/api/datasources/proxy/"data source id" and attacker somehow tricks a user of the above Grafana instance to click/visit the link.
 - A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.

**For plugin proxy**:
- A Grafana instance running version v2.0.0-beta1 up to v8.3.4.
- A Grafana HTTP-based app plugin configured and enabled with a URL set.
- Attacker to be in control of the HTTP server serving the URL of above app.
- A specially crafted link pointing at http://host/api/plugin-proxy/"plugin id" and attacker somehow tricks a user of the above Grafana instance to click/visit the link.
- A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.

**Backend plugin resource**:
- A Grafana instance running version v7.0.0-beta1 up to v8.3.4.
- Attacker potentially needs to craft a custom plugin to be able to pull this off, but if an attacker can compromise/control the backend service that a backend plugin connects to, it might be possible to serve HTML content via the /api/plugins/"plugin Id"/resources* or /api/datasources/"id"/resources* routes.
- A specially crafted link pointing at /api/plugins/"plugin Id">/resources* or /api/datasources/"id"/resources* and attacker somehow tricks a user of the above Grafana instance to click/visit the link.
- A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.

### Root Causes
#### Trigger
Reproduced and confirmed via this Golang app:

```
package main

import (
	"fmt"
	"log"
	"net/http"
)

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "<html><body><script>alert('XSS');</script></body></html>")
	})

	log.Fatal(http.ListenAndServe(":3011", nil))
}
```

A Prometheus datasource is configured in Grafana with URL http://localhost:3011.

When visitining http://localhost:3000/api/datasources/proxy/170 the scripts declared in the HTML page executes. Confirmed in both Chrome and Firefox.

### Solutions and mitigations

All installations between Grafana v2.0.0-beta1 up to v8.3.4 should be upgraded as soon as possible.

#### Workarounds

Using a proxy, set a response header Content Security Policy: sandbox for the following routes:

`/api/datasources/proxy*`
`/api/plugin-proxy*`
`/api/plugins/<pluginId>/resources*`
`/api/datasources/<id>/resources*`

Another possible mitigation is setting the response header Content-Disposition: attachment; “proxy.txt”. Confirmed in both Chrome and Firefox.

### Timeline and postmortem

Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC.

- 2022-01-16 16:19 Issue submitted by Jasu Viding
- 2022-01-17 14:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact
- 2022-01-17 15:15 Vulnerability confirmed reproducible 
- 2022-01-17 16:01 Begin mitigation for Grafana Cloud
- 2022-01-18 15:12 Similar report received 
- 2022-01-19 09:57 CVE requested 
- 2022-01-19 13:21 PR with fix opened
- 2022-01-19 19:53 GitHub issues CVE-2022-21702
- 2022-01-20 12:43 Second similar report received
- 2022-01-21 14:30 Private release planned for 2022-01-25, and public release planned for 2022-02-01
- 2022-01-25 12:00 Private release with patches
- 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x
- 2022-02-08 13:00 Public release

### Acknowledgement
We would like to thank Jasu Viding for responsibly disclosing the vulnerability.

### Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

We maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21702.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21702.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21702

reference_id

reference_type

scores

value	0.01184
scoring_system	epss
scoring_elements	0.78797
published_at	2026-04-21T12:55:00Z

value	0.01184
scoring_system	epss
scoring_elements	0.78825
published_at	2026-04-24T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79277
published_at	2026-04-13T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79289
published_at	2026-04-12T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79304
published_at	2026-04-11T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79273
published_at	2026-04-08T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79247
published_at	2026-04-07T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79262
published_at	2026-04-04T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.7928
published_at	2026-04-09T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79301
published_at	2026-04-18T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79305
published_at	2026-04-16T12:55:00Z

value	0.01244
scoring_system	epss
scoring_elements	0.79239
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21702

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21702

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21702

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2050648
reference_id	2050648
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2050648

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_id

2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_id

36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_id

grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_id

HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_id

ntap-20220303-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/

url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

fixed_packages

aliases

CVE-2022-21702, GHSA-xc3p-28hw-q24g

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-29pd-1pjc-kuds

url

VCID-498g-zap2-vqag

vulnerability_id

VCID-498g-zap2-vqag

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30635.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30635.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30635

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26617
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26407
published_at	2026-04-21T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26445
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26475
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26468
published_at	2026-04-13T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26526
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26571
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26565
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26516
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26662
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26447
published_at	2026-04-07T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29798
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30635

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107388
reference_id	2107388
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107388

reference_url

https://go.dev/cl/417064

reference_id

417064

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/

url

https://go.dev/cl/417064

reference_url

https://go.dev/issue/53615

reference_id

53615

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/

url

https://go.dev/issue/53615

reference_url

https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7

reference_id

6fa37e98ea4382bf881428ee0c150ce591500eb7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/

url

https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0526

reference_id

GO-2022-0526

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/

url

https://pkg.go.dev/vuln/GO-2022-0526

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2022:8634
reference_id	RHSA-2022:8634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8634

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-30635

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-498g-zap2-vqag

url

VCID-5c67-zpsw-cyb2

vulnerability_id

VCID-5c67-zpsw-cyb2

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28131.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28131

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03218
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03227
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03234
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0324
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03261
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03191
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0317
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03143
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03153
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03273
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03267
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107390
reference_id	2107390
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107390

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-28131

risk_score

3.3

exploitability

0.5

weighted_severity

6.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5c67-zpsw-cyb2

url

VCID-6189-d1tw-bfcp

vulnerability_id

VCID-6189-d1tw-bfcp

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30630

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11554
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11471
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11347
published_at	2026-04-18T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11486
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11517
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11551
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11541
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11482
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11609
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11398
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13913
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107371
reference_id	2107371
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107371

reference_url

https://go.dev/cl/417065

reference_id

417065

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/

url

https://go.dev/cl/417065

reference_url

https://go.dev/issue/53415

reference_id

53415

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/

url

https://go.dev/issue/53415

reference_url

https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59

reference_id

fa2d41d0ca736f3ad6b200b2a4e134364e9acc59

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/

url

https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0527

reference_id

GO-2022-0527

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/

url

https://pkg.go.dev/vuln/GO-2022-0527

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8098
reference_id	RHSA-2022:8098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8098

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:1529
reference_id	RHSA-2023:1529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1529

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2024:2180
reference_id	RHSA-2024:2180
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2180

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-30630

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6189-d1tw-bfcp

url

VCID-81aw-mk9s-eydd

vulnerability_id

VCID-81aw-mk9s-eydd

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32148.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32148.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32148

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17672
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17406
published_at	2026-04-24T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17718
published_at	2026-04-04T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17438
published_at	2026-04-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.1753
published_at	2026-04-08T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17589
published_at	2026-04-09T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17605
published_at	2026-04-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17558
published_at	2026-04-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17505
published_at	2026-04-13T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17449
published_at	2026-04-16T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17458
published_at	2026-04-18T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17496
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32148

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107383
reference_id	2107383
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107383

reference_url

https://go.dev/cl/412857

reference_id

412857

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/

url

https://go.dev/cl/412857

reference_url

https://go.dev/issue/53423

reference_id

53423

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/

url

https://go.dev/issue/53423

reference_url

https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a

reference_id

b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/

url

https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0520

reference_id

GO-2022-0520

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/

url

https://pkg.go.dev/vuln/GO-2022-0520

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6183
reference_id	RHSA-2022:6183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6183

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:6344
reference_id	RHSA-2022:6344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6344

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7398
reference_id	RHSA-2022:7398
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7398

reference_url	https://access.redhat.com/errata/RHSA-2022:7399
reference_id	RHSA-2022:7399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7399

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2022:8626
reference_id	RHSA-2022:8626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8626

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-32148

risk_score

3.0

exploitability

0.5

weighted_severity

5.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-81aw-mk9s-eydd

url

VCID-86mk-kwg6-63h6

vulnerability_id

VCID-86mk-kwg6-63h6

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30633

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26617
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26342
published_at	2026-04-24T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26662
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26447
published_at	2026-04-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26516
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26565
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26571
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26526
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26468
published_at	2026-04-13T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26475
published_at	2026-04-16T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26445
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26407
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107392
reference_id	2107392
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107392

reference_url

https://go.dev/cl/417061

reference_id

417061

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/

url

https://go.dev/cl/417061

reference_url

https://go.dev/issue/53611

reference_id

53611

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/

url

https://go.dev/issue/53611

reference_url

https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08

reference_id

c4c1993fd2a5b26fe45c09592af6d3388a3b2e08

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/

url

https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0523

reference_id

GO-2022-0523

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/

url

https://pkg.go.dev/vuln/GO-2022-0523

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-30633

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-86mk-kwg6-63h6

url

VCID-as38-uuy9-5qhu

vulnerability_id

VCID-as38-uuy9-5qhu

summary

golang: go/parser: stack exhaustion in all Parse* functions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1962

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00217
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00219
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00229
published_at	2026-04-24T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0022
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00218
published_at	2026-04-13T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00216
published_at	2026-04-09T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00221
published_at	2026-04-18T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00228
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107376
reference_id	2107376
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107376

reference_url

https://go.dev/cl/417063

reference_id

417063

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/

url

https://go.dev/cl/417063

reference_url

https://go.dev/issue/53616

reference_id

53616

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/

url

https://go.dev/issue/53616

reference_url

https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879

reference_id

695be961d57508da5a82217f7415200a11845879

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/

url

https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879

reference_url

https://pkg.go.dev/vuln/GO-2022-0515

reference_id

GO-2022-0515

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/

url

https://pkg.go.dev/vuln/GO-2022-0515

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:1027
reference_id	RHSA-2024:1027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1027

reference_url	https://access.redhat.com/errata/RHSA-2024:1433
reference_id	RHSA-2024:1433
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1433

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

fixed_packages

aliases

CVE-2022-1962

risk_score

2.5

exploitability

0.5

weighted_severity

5.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-as38-uuy9-5qhu

url

VCID-f5qg-jth9-hycf

vulnerability_id

VCID-f5qg-jth9-hycf

summary

Uncontrolled Resource Consumption in promhttp
This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.

### Impact

HTTP server susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods.

### Affected Configuration

In order to be affected, an instrumented software must

* Use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`.
* Do not filter any specific methods (e.g GET) before middleware.
* Pass metric with `method` label name to our middleware.
* Not have any firewall/LB/proxy that filters away requests with unknown `method`.

### Patches

* https://github.com/prometheus/client_golang/pull/962
* https://github.com/prometheus/client_golang/pull/987

### Workarounds

If you cannot upgrade to [v1.11.1 or above](https://github.com/prometheus/client_golang/releases/tag/v1.11.1), in order to stop being affected you can:

* Remove `method` label name from counter/gauge you use in the InstrumentHandler.
* Turn off affected promhttp handlers.
* Add custom middleware before promhttp handler that will sanitize the request method given by Go http.Request.
* Use a reverse proxy or web application firewall, configured to only allow a limited set of methods.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in https://github.com/prometheus/client_golang
* Email us at `prometheus-team@googlegroups.com`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21698.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21698.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21698

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51287
published_at	2026-04-24T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.5134
published_at	2026-04-21T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51266
published_at	2026-04-02T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.5136
published_at	2026-04-18T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51352
published_at	2026-04-16T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51302
published_at	2026-04-09T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51346
published_at	2026-04-11T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51306
published_at	2026-04-08T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51291
published_at	2026-04-04T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51251
published_at	2026-04-07T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51312
published_at	2026-04-13T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51325
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21698

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/prometheus/client_golang

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/prometheus/client_golang

reference_url

https://github.com/prometheus/client_golang/pull/962

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://github.com/prometheus/client_golang/pull/962

reference_url

https://github.com/prometheus/client_golang/pull/987

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://github.com/prometheus/client_golang/pull/987

reference_url

https://github.com/prometheus/client_golang/releases/tag/v1.11.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://github.com/prometheus/client_golang/releases/tag/v1.11.1

reference_url

https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21698

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21698

reference_url

https://pkg.go.dev/vuln/GO-2022-0322

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-0322

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008008
reference_id	1008008
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008008

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2045880
reference_id	2045880
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2045880

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/

reference_id

2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_id

2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_id

36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/

reference_id

3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/

reference_id

4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/

reference_id

5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/

reference_id

7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/

reference_id

AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/

reference_id

DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/

reference_id

FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_id

HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/

reference_id

J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/

reference_id

KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/

reference_id

MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/

reference_url	https://access.redhat.com/errata/RHSA-2022:1356
reference_id	RHSA-2022:1356
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1356

reference_url	https://access.redhat.com/errata/RHSA-2022:1461
reference_id	RHSA-2022:1461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1461

reference_url	https://access.redhat.com/errata/RHSA-2022:1762
reference_id	RHSA-2022:1762
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1762

reference_url	https://access.redhat.com/errata/RHSA-2022:2216
reference_id	RHSA-2022:2216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2216

reference_url	https://access.redhat.com/errata/RHSA-2022:2217
reference_id	RHSA-2022:2217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2217

reference_url	https://access.redhat.com/errata/RHSA-2022:2218
reference_id	RHSA-2022:2218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2218

reference_url	https://access.redhat.com/errata/RHSA-2022:2280
reference_id	RHSA-2022:2280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2280

reference_url	https://access.redhat.com/errata/RHSA-2022:4667
reference_id	RHSA-2022:4667
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4667

reference_url	https://access.redhat.com/errata/RHSA-2022:5026
reference_id	RHSA-2022:5026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5026

reference_url	https://access.redhat.com/errata/RHSA-2022:5068
reference_id	RHSA-2022:5068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5068

reference_url	https://access.redhat.com/errata/RHSA-2022:5069
reference_id	RHSA-2022:5069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5069

reference_url	https://access.redhat.com/errata/RHSA-2022:5070
reference_id	RHSA-2022:5070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5070

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6051
reference_id	RHSA-2022:6051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6051

reference_url	https://access.redhat.com/errata/RHSA-2022:6061
reference_id	RHSA-2022:6061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6061

reference_url	https://access.redhat.com/errata/RHSA-2022:6066
reference_id	RHSA-2022:6066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6066

reference_url	https://access.redhat.com/errata/RHSA-2022:6156
reference_id	RHSA-2022:6156
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6156

reference_url	https://access.redhat.com/errata/RHSA-2022:6290
reference_id	RHSA-2022:6290
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6290

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:6537
reference_id	RHSA-2022:6537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6537

reference_url	https://access.redhat.com/errata/RHSA-2022:7261
reference_id	RHSA-2022:7261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7261

reference_url	https://access.redhat.com/errata/RHSA-2022:7399
reference_id	RHSA-2022:7399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7399

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:9096
reference_id	RHSA-2022:9096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9096

reference_url	https://access.redhat.com/errata/RHSA-2023:0566
reference_id	RHSA-2023:0566
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0566

reference_url	https://access.redhat.com/errata/RHSA-2023:0652
reference_id	RHSA-2023:0652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0652

reference_url	https://access.redhat.com/errata/RHSA-2023:1158
reference_id	RHSA-2023:1158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1158

reference_url	https://access.redhat.com/errata/RHSA-2023:1326
reference_id	RHSA-2023:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1326

reference_url	https://access.redhat.com/errata/RHSA-2023:2014
reference_id	RHSA-2023:2014
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2014

reference_url	https://access.redhat.com/errata/RHSA-2023:5314
reference_id	RHSA-2023:5314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5314

reference_url	https://access.redhat.com/errata/RHSA-2024:0564
reference_id	RHSA-2024:0564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0564

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

reference_url	https://access.redhat.com/errata/RHSA-2024:4631
reference_id	RHSA-2024:4631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4631

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/

reference_id

RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/

reference_id

SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/

reference_id

ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/

reference_id

ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/

fixed_packages

aliases

CVE-2022-21698, GHSA-cg3q-j54f-5p7p

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qg-jth9-hycf

url

VCID-g45u-nf13-euee

vulnerability_id

VCID-g45u-nf13-euee

summary

Grafana Cross Site Request Forgery (CSRF)
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for Cross Site Request Forgery for Grafana.

Release v.8.3.5, only containing security fixes:

- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)

Release v.7.5.15, only containing security fixes:

- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)

## CSRF ([CVE-2022-21703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703))

### Summary
On Jan. 18, security researchers [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). 

We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). 

### Impact
An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. 

### Affected versions with MEDIUM severity 
All Grafana >=3.0-beta1 versions are affected by this vulnerability.

### Solutions and mitigations

All installations after Grafana v3.0-beta1 should be upgraded as soon as possible.

Note that if you are running Grafana behind any reverse proxy, you need to make sure that you are passing the original Host and Origin headers from the client request to Grafana.

In the case of Apache Server, you need to add `ProxyPreserveHost on` in your proxy [configuration](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html). In case of NGINX, you can need to add `proxy_set_header Host $http_host;` in your [configuration](http://nginx.org/en/docs/http/ngx_http_proxy_module.html).

Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.

### Timeline and postmortem

Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC.
- 2022-01-18 03:00 Issue submitted by external researchers
- 2022-01-18 17:25 Vulnerability confirmed reproducible 
- 2022-01-19 07:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact
- 2022-01-19 07:40 Begin mitigation for Grafana Cloud
- 2022-01-19 17:00 CVE requested 
- 2022-01-19 19:50 GitHub issues CVE-2022-21703
- 2022-01-21 10:50 PR with fix opened
- 2022-01-21 14:13 Private release planned for 2022-01-25, and public release planned for 2022-02-01.
- 2022-01-25 12:00 Private release
- 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x
- 2022-02-08 12:00 Public release

### Acknowledgement

We would like to thank [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) for responsibly disclosing the vulnerability.

### Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

We maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21703.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21703.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21703

reference_id

reference_type

scores

value	0.01422
scoring_system	epss
scoring_elements	0.80662
published_at	2026-04-24T12:55:00Z

value	0.01422
scoring_system	epss
scoring_elements	0.80637
published_at	2026-04-21T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83103
published_at	2026-04-11T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83131
published_at	2026-04-18T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83087
published_at	2026-04-09T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.8308
published_at	2026-04-08T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83055
published_at	2026-04-07T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83057
published_at	2026-04-04T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83044
published_at	2026-04-02T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83092
published_at	2026-04-13T12:55:00Z

value	0.01869
scoring_system	epss
scoring_elements	0.83097
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21703

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana/pull/45083

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://github.com/grafana/grafana/pull/45083

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21703

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21703

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2050742
reference_id	2050742
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2050742

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_id

2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_id

36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_id

grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_id

HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_id

ntap-20220303-0005

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/

url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

fixed_packages

aliases

CVE-2022-21703, GHSA-cmf4-h3xc-jw8w

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-g45u-nf13-euee

url

VCID-g8y7-jdy7-afdh

vulnerability_id

VCID-g8y7-jdy7-afdh

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30632.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30632.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30632

reference_id

reference_type

scores

value	0.00096
scoring_system	epss
scoring_elements	0.26617
published_at	2026-04-02T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26662
published_at	2026-04-04T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26447
published_at	2026-04-07T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26516
published_at	2026-04-08T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26565
published_at	2026-04-09T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26571
published_at	2026-04-11T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26445
published_at	2026-04-18T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26407
published_at	2026-04-21T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26526
published_at	2026-04-12T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26468
published_at	2026-04-13T12:55:00Z

value	0.00096
scoring_system	epss
scoring_elements	0.26475
published_at	2026-04-16T12:55:00Z

value	0.00114
scoring_system	epss
scoring_elements	0.29798
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30632

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107386
reference_id	2107386
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107386

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:7058
reference_id	RHSA-2022:7058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7058

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8098
reference_id	RHSA-2022:8098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8098

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2022:8634
reference_id	RHSA-2022:8634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8634

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:1529
reference_id	RHSA-2023:1529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1529

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2024:2180
reference_id	RHSA-2024:2180
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2180

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-30632

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-g8y7-jdy7-afdh

url

VCID-kgdc-2fzk-1uc6

vulnerability_id

VCID-kgdc-2fzk-1uc6

summary

Grafana API IDOR
Today we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR.

Release v.8.3.5, only containing security fixes:

- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)

Release v.7.5.15, only containing security fixes:

- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)
- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)

## Teams API IDOR([CVE-2022-21713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713))

On Jan. 18, an external security researcher, Kürşad ALSAN from [NSPECT.IO](https://www.nspect.io) ([@nspectio](https://twitter.com/nspectio) on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs.

We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).  

### Impact

This vulnerability only impacts the following API endpoints:

- `/teams/:teamId` - an authenticated attacker can view unintended data by querying for the specific team ID.
- `/teams/:search` - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.
- `/teams/:teamId/members` - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.

### Affected versions with MEDIUM severity 
All Grafana >=5.0.0-beta1 versions are affected by this vulnerability.

### Solutions and mitigations

All installations after Grafana v5.0.0-beta1 should be upgraded as soon as possible.

Appropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.

### Timeline and postmortem

Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC.

- 2022-01-18 05:000 Issue submitted by external researcher
- 2022-01-21 17:45 Issue escalated and the vulnerability confirmed reproducible
- 2022-01-24 13:37 CVE requested
- 2022-01-24 14:40 Private release planned for 2022-01-25, and public release planned for 2022-02-01.
- 2022-01-24 17:00 PR with fix opened
- 2022-01-24 19:00 GitHub has issued CVE-2022-21713 
- 2022-01-25 12:00 Private release
- 2022-02-01 12:00 During public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x
- 2022-02-08 13:00 Public release

### Acknowledgements
We would like to thank Kürşad ALSAN from [NSPECT.IO](https://www.nspect.io) ([@nspectio](https://twitter.com/nspectio) on Twitter) for responsibly disclosing the vulnerability.

### Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

### Security announcements

We maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21713.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21713.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21713

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.40288
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40264
published_at	2026-04-02T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39994
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40168
published_at	2026-04-21T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40244
published_at	2026-04-18T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40275
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40274
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40263
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40286
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40228
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40248
published_at	2026-04-12T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.4021
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21713

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/grafana/grafana

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/grafana/grafana

reference_url

https://github.com/grafana/grafana/pull/45083

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://github.com/grafana/grafana/pull/45083

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21713

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21713

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220303-0005

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2050743
reference_id	2050743
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2050743

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_id

2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_id

36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_id

grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_id

HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_id

ntap-20220303-0005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/

url

https://security.netapp.com/advisory/ntap-20220303-0005/

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

fixed_packages

aliases

CVE-2022-21713, GHSA-63g3-9jq3-mccv

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-kgdc-2fzk-1uc6

url

VCID-ps89-8u5a-kfc8

vulnerability_id

VCID-ps89-8u5a-kfc8

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1705

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16637
published_at	2026-04-01T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1681
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16555
published_at	2026-04-24T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16867
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16652
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16737
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16791
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16771
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16727
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1667
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16606
published_at	2026-04-16T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16615
published_at	2026-04-18T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16653
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107374
reference_id	2107374
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107374

reference_url

https://go.dev/cl/409874

reference_id

409874

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://go.dev/cl/409874

reference_url

https://go.dev/cl/410714

reference_id

410714

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://go.dev/cl/410714

reference_url

https://go.dev/issue/53188

reference_id

53188

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://go.dev/issue/53188

reference_url

https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f

reference_id

e5017a93fcde94f09836200bca55324af037ee5f

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0525

reference_id

GO-2022-0525

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://pkg.go.dev/vuln/GO-2022-0525

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5068
reference_id	RHSA-2022:5068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5068

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6183
reference_id	RHSA-2022:6183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6183

reference_url	https://access.redhat.com/errata/RHSA-2022:6187
reference_id	RHSA-2022:6187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6187

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6283
reference_id	RHSA-2022:6283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6283

reference_url	https://access.redhat.com/errata/RHSA-2022:6344
reference_id	RHSA-2022:6344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6344

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:7129
reference_id	RHSA-2022:7129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7129

reference_url	https://access.redhat.com/errata/RHSA-2022:7398
reference_id	RHSA-2022:7398
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7398

reference_url	https://access.redhat.com/errata/RHSA-2022:7399
reference_id	RHSA-2022:7399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7399

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8098
reference_id	RHSA-2022:8098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8098

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2022:8626
reference_id	RHSA-2022:8626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8626

reference_url	https://access.redhat.com/errata/RHSA-2022:9047
reference_id	RHSA-2022:9047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9047

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1275
reference_id	RHSA-2023:1275
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1275

reference_url	https://access.redhat.com/errata/RHSA-2023:1529
reference_id	RHSA-2023:1529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1529

reference_url	https://access.redhat.com/errata/RHSA-2023:2357
reference_id	RHSA-2023:2357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2357

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-1705

risk_score

3.0

exploitability

0.5

weighted_severity

5.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ps89-8u5a-kfc8

url

VCID-v8hn-wm59-kugt

vulnerability_id

VCID-v8hn-wm59-kugt

summary

grafana: Forward OAuth Identity Token can allow users to access some data sources

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21673.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21673.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21673

reference_id

reference_type

scores

value	0.00521
scoring_system	epss
scoring_elements	0.66828
published_at	2026-04-02T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66916
published_at	2026-04-24T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66853
published_at	2026-04-04T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66825
published_at	2026-04-07T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66874
published_at	2026-04-08T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66888
published_at	2026-04-09T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66908
published_at	2026-04-11T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66894
published_at	2026-04-12T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66862
published_at	2026-04-13T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66895
published_at	2026-04-16T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66909
published_at	2026-04-18T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.66891
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21673

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2044628
reference_id	2044628
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2044628

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_id

2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_id

36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4

reference_id

GHSA-8wjh-59cw-9xh4

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_id

HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://security.netapp.com/advisory/ntap-20220303-0004/

reference_id

ntap-20220303-0004

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://security.netapp.com/advisory/ntap-20220303-0004/

reference_url	https://access.redhat.com/errata/RHSA-2022:0056
reference_id	RHSA-2022:0056
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0056

reference_url	https://access.redhat.com/errata/RHSA-2022:6024
reference_id	RHSA-2022:6024
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6024

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url

https://github.com/grafana/grafana/releases/tag/v7.5.13

reference_id

v7.5.13

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://github.com/grafana/grafana/releases/tag/v7.5.13

reference_url

https://github.com/grafana/grafana/releases/tag/v8.3.4

reference_id

v8.3.4

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/

url

https://github.com/grafana/grafana/releases/tag/v8.3.4

fixed_packages

aliases

CVE-2022-21673

risk_score

1.9

exploitability

0.5

weighted_severity

3.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-v8hn-wm59-kugt

url

VCID-vxks-1bkp-6bd5

vulnerability_id

VCID-vxks-1bkp-6bd5

summary

Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30631

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12478
published_at	2026-04-02T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1239
published_at	2026-04-24T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12521
published_at	2026-04-04T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12328
published_at	2026-04-07T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12408
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12458
published_at	2026-04-09T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12464
published_at	2026-04-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12425
published_at	2026-04-12T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12385
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12286
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12389
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30631

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107342
reference_id	2107342
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107342

reference_url

https://go.dev/cl/417067

reference_id

417067

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/

url

https://go.dev/cl/417067

reference_url

https://go.dev/issue/53168

reference_id

53168

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/

url

https://go.dev/issue/53168

reference_url

https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e

reference_id

b2b8872c876201eac2d0707276c6999ff3eb185e

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/

url

https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e

reference_url	https://security.gentoo.org/glsa/202208-02
reference_id	GLSA-202208-02
reference_type
scores
url	https://security.gentoo.org/glsa/202208-02

reference_url

https://pkg.go.dev/vuln/GO-2022-0524

reference_id

GO-2022-0524

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/

url

https://pkg.go.dev/vuln/GO-2022-0524

reference_url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_id

nqrv9fbR0zE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/

url

https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

reference_url	https://access.redhat.com/errata/RHSA-2022:5775
reference_id	RHSA-2022:5775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5775

reference_url	https://access.redhat.com/errata/RHSA-2022:5799
reference_id	RHSA-2022:5799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5799

reference_url	https://access.redhat.com/errata/RHSA-2022:5866
reference_id	RHSA-2022:5866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5866

reference_url	https://access.redhat.com/errata/RHSA-2022:5875
reference_id	RHSA-2022:5875
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5875

reference_url	https://access.redhat.com/errata/RHSA-2022:5879
reference_id	RHSA-2022:5879
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5879

reference_url	https://access.redhat.com/errata/RHSA-2022:5923
reference_id	RHSA-2022:5923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5923

reference_url	https://access.redhat.com/errata/RHSA-2022:5924
reference_id	RHSA-2022:5924
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5924

reference_url	https://access.redhat.com/errata/RHSA-2022:6040
reference_id	RHSA-2022:6040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6040

reference_url	https://access.redhat.com/errata/RHSA-2022:6042
reference_id	RHSA-2022:6042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6042

reference_url	https://access.redhat.com/errata/RHSA-2022:6051
reference_id	RHSA-2022:6051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6051

reference_url	https://access.redhat.com/errata/RHSA-2022:6053
reference_id	RHSA-2022:6053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6053

reference_url	https://access.redhat.com/errata/RHSA-2022:6061
reference_id	RHSA-2022:6061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6061

reference_url	https://access.redhat.com/errata/RHSA-2022:6062
reference_id	RHSA-2022:6062
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6062

reference_url	https://access.redhat.com/errata/RHSA-2022:6065
reference_id	RHSA-2022:6065
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6065

reference_url	https://access.redhat.com/errata/RHSA-2022:6066
reference_id	RHSA-2022:6066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6066

reference_url	https://access.redhat.com/errata/RHSA-2022:6103
reference_id	RHSA-2022:6103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6103

reference_url	https://access.redhat.com/errata/RHSA-2022:6113
reference_id	RHSA-2022:6113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6113

reference_url	https://access.redhat.com/errata/RHSA-2022:6152
reference_id	RHSA-2022:6152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6152

reference_url	https://access.redhat.com/errata/RHSA-2022:6182
reference_id	RHSA-2022:6182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6182

reference_url	https://access.redhat.com/errata/RHSA-2022:6183
reference_id	RHSA-2022:6183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6183

reference_url	https://access.redhat.com/errata/RHSA-2022:6184
reference_id	RHSA-2022:6184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6184

reference_url	https://access.redhat.com/errata/RHSA-2022:6187
reference_id	RHSA-2022:6187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6187

reference_url	https://access.redhat.com/errata/RHSA-2022:6188
reference_id	RHSA-2022:6188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6188

reference_url	https://access.redhat.com/errata/RHSA-2022:6262
reference_id	RHSA-2022:6262
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6262

reference_url	https://access.redhat.com/errata/RHSA-2022:6290
reference_id	RHSA-2022:6290
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6290

reference_url	https://access.redhat.com/errata/RHSA-2022:6308
reference_id	RHSA-2022:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6308

reference_url	https://access.redhat.com/errata/RHSA-2022:6344
reference_id	RHSA-2022:6344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6344

reference_url	https://access.redhat.com/errata/RHSA-2022:6429
reference_id	RHSA-2022:6429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6429

reference_url	https://access.redhat.com/errata/RHSA-2022:6430
reference_id	RHSA-2022:6430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6430

reference_url	https://access.redhat.com/errata/RHSA-2022:6517
reference_id	RHSA-2022:6517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6517

reference_url	https://access.redhat.com/errata/RHSA-2022:6560
reference_id	RHSA-2022:6560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6560

reference_url	https://access.redhat.com/errata/RHSA-2022:6714
reference_id	RHSA-2022:6714
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6714

reference_url	https://access.redhat.com/errata/RHSA-2022:7398
reference_id	RHSA-2022:7398
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7398

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:7529
reference_id	RHSA-2022:7529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7529

reference_url	https://access.redhat.com/errata/RHSA-2022:7648
reference_id	RHSA-2022:7648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7648

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

reference_url	https://access.redhat.com/errata/RHSA-2022:8098
reference_id	RHSA-2022:8098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8098

reference_url	https://access.redhat.com/errata/RHSA-2022:8250
reference_id	RHSA-2022:8250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8250

reference_url	https://access.redhat.com/errata/RHSA-2023:0407
reference_id	RHSA-2023:0407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0407

reference_url	https://access.redhat.com/errata/RHSA-2023:0408
reference_id	RHSA-2023:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0408

reference_url	https://access.redhat.com/errata/RHSA-2023:0727
reference_id	RHSA-2023:0727
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0727

reference_url	https://access.redhat.com/errata/RHSA-2023:1042
reference_id	RHSA-2023:1042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1042

reference_url	https://access.redhat.com/errata/RHSA-2023:1529
reference_id	RHSA-2023:1529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1529

reference_url	https://access.redhat.com/errata/RHSA-2023:2758
reference_id	RHSA-2023:2758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2758

reference_url	https://access.redhat.com/errata/RHSA-2023:2802
reference_id	RHSA-2023:2802
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2802

reference_url	https://access.redhat.com/errata/RHSA-2023:3642
reference_id	RHSA-2023:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3642

reference_url	https://access.redhat.com/errata/RHSA-2024:2180
reference_id	RHSA-2024:2180
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2180

reference_url	https://usn.ubuntu.com/6038-1/
reference_id	USN-6038-1
reference_type
scores
url	https://usn.ubuntu.com/6038-1/

reference_url	https://usn.ubuntu.com/6038-2/
reference_id	USN-6038-2
reference_type
scores
url	https://usn.ubuntu.com/6038-2/

fixed_packages

aliases

CVE-2022-30631

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-vxks-1bkp-6bd5

url

VCID-x4cs-g2jz-eqb5

vulnerability_id

VCID-x4cs-g2jz-eqb5

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23648

reference_id

reference_type

scores

value	0.00116
scoring_system	epss
scoring_elements	0.30356
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30299
published_at	2026-04-18T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30317
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30301
published_at	2026-04-13T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30348
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30392
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.3039
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30412
published_at	2026-04-01T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30441
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30486
published_at	2026-04-04T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30297
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31917
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31747
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23648

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648

reference_url

https://github.com/braintree/sanitize-url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/braintree/sanitize-url

reference_url

https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11

reference_url

https://github.com/braintree/sanitize-url/pull/40

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/braintree/sanitize-url/pull/40

reference_url

https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/

reference_url

https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2065290
reference_id	2065290
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2065290

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23648

reference_id

CVE-2021-23648

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23648

reference_url

https://github.com/advisories/GHSA-hqq7-2q2v-82xq

reference_id

GHSA-hqq7-2q2v-82xq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hqq7-2q2v-82xq

reference_url	https://access.redhat.com/errata/RHSA-2022:5069
reference_id	RHSA-2022:5069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5069

reference_url	https://access.redhat.com/errata/RHSA-2022:7519
reference_id	RHSA-2022:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7519

reference_url	https://access.redhat.com/errata/RHSA-2022:8057
reference_id	RHSA-2022:8057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8057

fixed_packages

aliases

CVE-2021-23648, GHSA-hqq7-2q2v-82xq

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-x4cs-g2jz-eqb5

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@7.5.15-3%3Farch=el8

Package Instance