RHSA-2023:6420

Description

Red Hat Security Advisory: grafana security and enhancement update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•grafana

  < 0:9.2.10-7.el9_3

• redhat•grafana-debuginfo

  < 0:9.2.10-7.el9_3

• redhat•grafana-debugsource

  < 0:9.2.10-7.el9_3

References (62)

• https://access.redhat.com/errata/RHSA-2023:6420
• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index
• https://bugzilla.redhat.com/show_bug.cgi?id=2131146
• https://bugzilla.redhat.com/show_bug.cgi?id=2131147
• https://bugzilla.redhat.com/show_bug.cgi?id=2131148
• https://bugzilla.redhat.com/show_bug.cgi?id=2138014
• https://bugzilla.redhat.com/show_bug.cgi?id=2138015
• https://bugzilla.redhat.com/show_bug.cgi?id=2148252
• https://bugzilla.redhat.com/show_bug.cgi?id=2158420
• https://bugzilla.redhat.com/show_bug.cgi?id=2161274
• https://bugzilla.redhat.com/show_bug.cgi?id=2184483
• https://bugzilla.redhat.com/show_bug.cgi?id=2188193
• https://bugzilla.redhat.com/show_bug.cgi?id=2193018
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6420.json
• https://access.redhat.com/security/cve/CVE-2022-23552
• https://www.cve.org/CVERecord?id=CVE-2022-23552
• https://nvd.nist.gov/vuln/detail/CVE-2022-23552
• https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/
• https://access.redhat.com/security/cve/CVE-2022-31123
• https://www.cve.org/CVERecord?id=CVE-2022-31123
• https://nvd.nist.gov/vuln/detail/CVE-2022-31123
• https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8
• https://access.redhat.com/security/cve/CVE-2022-31130
• https://www.cve.org/CVERecord?id=CVE-2022-31130
• https://nvd.nist.gov/vuln/detail/CVE-2022-31130
• https://access.redhat.com/security/cve/CVE-2022-39201
• https://www.cve.org/CVERecord?id=CVE-2022-39201
• https://nvd.nist.gov/vuln/detail/CVE-2022-39201
• https://access.redhat.com/security/cve/CVE-2022-39306
• https://www.cve.org/CVERecord?id=CVE-2022-39306
• https://nvd.nist.gov/vuln/detail/CVE-2022-39306
• https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
• https://access.redhat.com/security/cve/CVE-2022-39307
• https://www.cve.org/CVERecord?id=CVE-2022-39307
• https://nvd.nist.gov/vuln/detail/CVE-2022-39307
• https://access.redhat.com/security/cve/CVE-2022-39324
• https://www.cve.org/CVERecord?id=CVE-2022-39324
• https://nvd.nist.gov/vuln/detail/CVE-2022-39324
• https://access.redhat.com/security/cve/CVE-2022-41717
• https://www.cve.org/CVERecord?id=CVE-2022-41717
• https://nvd.nist.gov/vuln/detail/CVE-2022-41717
• https://go.dev/cl/455635
• https://go.dev/cl/455717
• https://go.dev/issue/56350
• https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
• https://pkg.go.dev/vuln/GO-2022-1144
• https://access.redhat.com/security/cve/CVE-2023-24534
• https://www.cve.org/CVERecord?id=CVE-2023-24534
• https://nvd.nist.gov/vuln/detail/CVE-2023-24534
• https://go.dev/issue/58975
• https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
• https://access.redhat.com/security/cve/CVE-2022-37601
• https://bugzilla.redhat.com/show_bug.cgi?id=2134876
• https://www.cve.org/CVERecord?id=CVE-2022-37601
• https://nvd.nist.gov/vuln/detail/CVE-2022-37601
• https://github.com/webpack/loader-utils/issues/212
• https://access.redhat.com/security/cve/CVE-2023-3128
• https://bugzilla.redhat.com/show_bug.cgi?id=2213626
• https://www.cve.org/CVERecord?id=CVE-2023-3128
• https://nvd.nist.gov/vuln/detail/CVE-2023-3128
• https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/