Date: Sat, 12 Nov 2022 15:34:44 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 267728] www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities)
Message-ID: <bug-267728-7788-mX6iD20qi4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-267728-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-267728-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267728 Boris Korzun <drtr0jan@yandex.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ports-secteam@FreeBSD.org Attachment #238033| |maintainer-approval?(ports- Flags| |secteam@FreeBSD.org) --- Comment #2 from Boris Korzun <drtr0jan@yandex.ru> --- Created attachment 238033 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D238033&action= =3Dedit vuxml.diff vuxml: * CVE-2022-31123 - Plugin signature bypass * CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins * CVE-2022-39229 - Improper authentication * CVE-2022-39306 - Privilege escalation * CVE-2022-39307 - Username enumeration * CVE-2022-39328 - Privilege escalation (Critical) https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-= with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/ https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafan= a-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cv= e-2022-39306/ --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-267728-7788-mX6iD20qi4>