Search for packages
| purl | pkg:rpm/redhat/ceph@2:18.2.1-194?arch=el8cp |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6smu-rrju-z7ca
Aliases: CVE-2023-49568 GHSA-mw99-9chc-xw7r |
Maliciously crafted Git server replies can cause DoS on go-git clients ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) | There are no reported fixed by versions. |
|
VCID-pv34-th9b-37h6
Aliases: CVE-2023-4822 GHSA-fw9c-75hh-89p6 |
Grafana privilege escalation vulnerability Grafana is an open-source platform for monitoring and observability. The vulnerability impacts instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. | There are no reported fixed by versions. |
|
VCID-rka6-epua-h7gz
Aliases: CVE-2023-49569 GHSA-449p-3h89-pw88 |
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients ### Impact A path traversal vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the [ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using [BoundOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible in a timely manner, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. | There are no reported fixed by versions. |
|
VCID-z7wb-tvk2-myhr
Aliases: CVE-2023-3128 GHSA-mpv3-g8m3-3fjc |
Grafana vulnerable to Authentication Bypass by Spoofing Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:53:38.858218+00:00 | RedHat Importer | Affected by | VCID-z7wb-tvk2-myhr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3128.json | 38.0.0 |
| 2026-04-01T13:51:29.944274+00:00 | RedHat Importer | Affected by | VCID-pv34-th9b-37h6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4822.json | 38.0.0 |
| 2026-04-01T13:50:31.010229+00:00 | RedHat Importer | Affected by | VCID-6smu-rrju-z7ca | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json | 38.0.0 |
| 2026-04-01T13:50:28.952221+00:00 | RedHat Importer | Affected by | VCID-rka6-epua-h7gz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json | 38.0.0 |