grafana-9.0.9-3.el9
Errata ID: AXSA:2023-6225:07
Release date:
Thursday, July 13, 2023 - 04:57
Subject:
grafana-9.0.9-3.el9
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2023-3128
Solution:
Update packages.
CVEs:
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
Additional Info:
N/A
Download:
SRPMS
- grafana-9.0.9-3.el9.src.rpm
MD5: 9ff419c85a1efd2d635fd7d74cade89c
SHA-256: cfba8975fa6a8d1cf52c4a26ee16490bbaf510bce89bea230dc392516d9e1ad6
Size: 268.78 MB
Asianux Server 9 for x86_64
- grafana-9.0.9-3.el9.x86_64.rpm
MD5: d4c8e91d77babd9d3a3c7b781f44c143
SHA-256: d1e662280e747b16181673bc9c5a30e56cc8edaf4e856f69c5180c8386dae5dc
Size: 61.34 MB