BIT-grafana-2022-39328

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2022-39328.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-grafana-2022-39328

Aliases

CVE-2022-39328
GHSA-vqc4-mpj8-jxch
GO-2024-2856

Published

2024-03-06T10:54:29.505Z

Modified

2024-06-05T16:43:19.542386Z

Summary

[none]

Details

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.

References

https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch
https://security.netapp.com/advisory/ntap-20221215-0003/

Affected packages

Bitnami / grafana

Package

Name: grafana
Purl: pkg:bitnami/grafana

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.2.0

Fixed

9.2.4