Grafana 8.5.22

CPE Details

Grafana 8.5.22
grafana
grafana
8.5.22
2023-03-24
16h56 +00:00
2023-04-04
12h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:grafana:grafana:8.5.22:*:*:*:*:*:*:*

Informations

Vendor

grafana

Product

grafana

Version

8.5.22

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-2183 2023-06-06 18h04 +00:00 Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.
6.4
Medium
CVE-2022-23498 2023-02-03 21h34 +00:00 Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
8.8
High