Back to bug 2066563

Who When What Removed Added
Rohit Keshri 2022-03-22 04:52:12 UTC Blocks 2066564
Yasuhiro Ozone 2022-03-23 22:01:55 UTC CC yozone
Borja Tarraso 2022-03-25 15:00:21 UTC Depends On 2068519, 2068520
Avinash Hanwate 2022-03-28 04:54:58 UTC Summary CVE-2022-26148 openshift: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix CVE-2022-26148 grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
Avinash Hanwate 2022-04-07 04:07:50 UTC Depends On 2072831, 2072833, 2072832
Sandipan Roy 2022-04-08 07:33:36 UTC Flags needinfo?(agerstmayr)
Andreas Gerstmayr 2022-04-08 15:26:17 UTC Flags needinfo?(agerstmayr)
Anten Skrabec 2022-04-21 19:01:23 UTC CC vkumar, zebob.m
Anten Skrabec 2022-04-21 19:17:35 UTC Depends On 2077636, 2077637, 2077638, 2077639
Anten Skrabec 2022-04-21 19:41:16 UTC Doc Text An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
RaTasha Tillery-Smith 2022-04-22 12:50:49 UTC Doc Text An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.
Red Hat Bugzilla 2022-06-30 22:50:59 UTC CC fpokorny
Red Hat Bugzilla 2022-06-30 23:02:59 UTC CC erooth
Red Hat Bugzilla 2022-08-12 04:30:35 UTC CC amuller
Red Hat Bugzilla 2022-08-31 22:23:07 UTC CC mszynkie
Red Hat Bugzilla 2022-10-28 13:12:43 UTC CC krathod
Red Hat Bugzilla 2023-01-01 05:32:18 UTC CC amctagga
Red Hat Bugzilla 2023-01-01 05:47:04 UTC CC flucifre
Red Hat Bugzilla 2023-01-01 05:52:20 UTC CC mhackett
Red Hat Bugzilla 2023-01-01 06:02:16 UTC CC bniver
Red Hat Bugzilla 2023-01-01 08:34:33 UTC CC mbenjamin
Red Hat Bugzilla 2023-01-01 08:43:47 UTC CC sostapov
Red Hat Bugzilla 2023-01-01 08:48:01 UTC CC vereddy
Alasdair Kergon 2023-01-04 05:43:50 UTC CC sostapov
Alasdair Kergon 2023-01-04 06:11:25 UTC CC bniver
Alasdair Kergon 2023-01-04 06:23:48 UTC CC mbenjamin
Alasdair Kergon 2023-01-04 06:43:51 UTC CC flucifre
Alasdair Kergon 2023-01-04 06:59:12 UTC CC vereddy
Alasdair Kergon 2023-01-04 11:29:24 UTC CC mhackett
Red Hat Bugzilla 2023-02-03 23:11:29 UTC CC ovanders
Red Hat Bugzilla 2023-05-15 18:09:13 UTC CC drieden
errata-xmlrpc 2023-06-15 15:59:48 UTC Link ID Red Hat Product Errata RHSA-2023:3642
Red Hat Bugzilla 2023-07-07 08:34:59 UTC Assignee security-response-team nobody

Back to bug 2066563