grafana-9.2.10-7.el8.ML.1
Errata ID: AXSA:2023-7309:12
Release date:
Wednesday, December 27, 2023 - 00:21
Subject:
grafana-9.2.10-7.el8.ML.1
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
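The account-matching flaw described above, next to a lookup keyed on tenant and object ID, as an added example (not Grafana's code or its patch). `tid`, `oid` and `email` are Azure AD ID-token claims; the user store, tenant allow-list and function names are hypothetical, and all sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims holds the ID-token fields relevant here (Azure AD claim names tid, oid, email).
type Claims struct {
	TID   string // tenant that issued the token
	OID   string // immutable object ID of the user inside that tenant
	Email string // profile email: not unique and modifiable, per the advisory
}

type User struct{ Login, Email, TID, OID string }

// Constructed sample data (hypothetical store): one local account, one allowed tenant.
var users = []User{{"alice", "alice@corp.example", "tenant-corp", "oid-1111"}}
var allowedTenants = map[string]bool{"tenant-corp": true}
var ErrDenied = errors.New("login denied")

// lookupByEmail shows the flawed pattern: the email claim alone selects the account.
func lookupByEmail(c Claims) (*User, error) {
	for i := range users {
		if users[i].Email == c.Email {
			return &users[i], nil
		}
	}
	return nil, ErrDenied
}

// lookupByTenantAndOID checks the tenant allow-list, then matches on (tid, oid) only.
func lookupByTenantAndOID(c Claims) (*User, error) {
	if !allowedTenants[c.TID] {
		return nil, ErrDenied
	}
	for i := range users {
		if users[i].TID == c.TID && users[i].OID == c.OID {
			return &users[i], nil
		}
	}
	return nil, ErrDenied
}

func main() {
	// Constructed token from another tenant whose profile email equals alice's.
	foreign := Claims{TID: "tenant-other", OID: "oid-9999", Email: "alice@corp.example"}
	u, _ := lookupByEmail(foreign)
	fmt.Println("email lookup matched:", u.Login)
	_, err := lookupByTenantAndOID(foreign)
	fmt.Println("tid+oid lookup:", err)
}
```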
Solution:
Update packages.
CVEs:
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
Additional Info:
N/A
Download:
SRPMS
- grafana-9.2.10-7.el8.ML.1.src.rpm
MD5: d7c211c2a342dac433b3880110475488
SHA-256: 3b40a26325ab8154dc2daa745b07c18830f673fce7da0017871a9890b1691258
Size: 321.66 MB
Asianux Server 8 for x86_64
- grafana-9.2.10-7.el8.ML.1.x86_64.rpm
MD5: 42d6cae56f285897a2a57af5619f0221
SHA-256: a52cd0aa617ba7a8217b567d39434809b6527c3af124638000fa2e005782e0d5
Size: 75.98 MB