FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- OAuth Account Takeover

Affected packages
5.3.0 <= grafana < 8.3.10
8.4.0 <= grafana < 8.4.10
8.5.0 <= grafana < 8.5.9
9.0.0 <= grafana < 9.0.3
7.0 <= grafana7
8.3.0 <= grafana8 < 8.3.10
8.4.0 <= grafana8 < 8.4.10
8.5.0 <= grafana8 < 8.5.9
grafana9 < 9.0.3

Details

VuXML ID: 0859e6d5-0415-11ed-a53b-6c3be5272acd
Discovery: 2022-06-27
Entry: 2022-07-15

Grafana Labs reports:

It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.

References

CVE Name: CVE-2022-31107
URL: https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2