apk package
chainguard/grafana-10.1
pkg:apk/chainguard/grafana-10.1
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6152 | — | | | < 10.1.7-r0 | 10.1.7-r0 | Feb 13, 2024 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. |
| CVE-2023-49568 | — | | | < 10.1.6-r1 | 10.1.6-r1 | Jan 12, 2024 | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. A |
| CVE-2023-4822 | — | | | < 0 | 0 | Oct 16, 2023 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Or |
| CVE-2020-8911 | — | | | < 0 | 0 | Aug 11, 2020 | A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a |