RHSA-2023:2167-01 -- Redhat grafanaID: oval:org.secpod.oval:def:507656 | Date: (C)2023-05-22 (M)2024-06-24 |
Class: PATCH | Family: unix |
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB amp; OpenTSDB. Security Fix: * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * golang: net/http: handle server errors after sending GOAWAY * grafana: Escalation from admin to server admin when auth proxy is used * grafana: using email as a username can block other users from signing in * golang: regexp/syntax: limit memory used by parsing regexps For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 9 |