GHSA-wm7r-3qxj-5xgq

Source
https://github.com/advisories/GHSA-wm7r-3qxj-5xgq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wm7r-3qxj-5xgq
Withdrawn
2023-06-09T22:54:42Z
Published
2023-06-06T21:30:18Z
Modified
2025-02-13T18:57:03Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Summary
Duplicate Advisory: Grafana Improper Access Control vulnerability
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-cvm3-pp2j-chr3. This link is maintained to preserve external references.

Original Description

Grafana is an open-source platform for monitoring and observability.

The option to send a test alert is not available from the user panel UI for users with the Viewer role. However, a user with the Viewer role can still send a test alert through the API, because the API does not check access to this function.

This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing a phishing attack, or blocking the SMTP server.

Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19, or 8.5.26 to receive a fix.

Database specific
{
    "nvd_published_at": "2023-06-06T19:15:11Z",
    "cwe_ids": [
        "CWE-284",
        "CWE-862"
    ],
    "github_reviewed_at": "2023-06-07T15:08:20Z",
    "severity": "MODERATE",
    "github_reviewed": true
}
Affected packages

Go
github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.5.26

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json"
github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
9.0.0
Fixed
9.2.19

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json"
github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
9.3.0
Fixed
9.3.15

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json"
github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
9.4.0
Fixed
9.4.12

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json"
github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
9.5.0
Fixed
9.5.3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-wm7r-3qxj-5xgq/GHSA-wm7r-3qxj-5xgq.json"