CLSA-2026-1777944610

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777944610.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1777944610
Upstream
  • CVE-2026-27877
Published
2026-05-05T01:30:15Z
Modified
2026-06-01T00:32:51.106885443Z
Summary
grafana: Fix of CVE-2026-27877
Details
  • CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard
  • Note: upstream test additions in pkg/api/frontendsettings_test.go are not backported. The %check stage only runs the Jest frontend suite (gated on 0), so backend Go tests would not be exercised by this build, and the upstream test depends on hs.publicDashboardsService which does not exist in 10.2.6 (the production fix already uses the hs.PublicDashboardsApi.PublicDashboardService adapter for the same reason)

Affected packages

TuxCare:AlmaLinux:9.6 / grafana

Package

Name
grafana
Purl
pkg:rpm/tuxcare/grafana?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.2.6-15.el9_6.tuxcare.els7

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777944610.json"

TuxCare:AlmaLinux:9.6 / grafana-selinux

Package

Name
grafana-selinux
Purl
pkg:rpm/tuxcare/grafana-selinux?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.2.6-15.el9_6.tuxcare.els7

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777944610.json"