Back to bug 2131146
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2022-09-30 05:51:31 UTC | CC | security-response-team | |
| TEJ RATHI | 2022-09-30 05:56:38 UTC | CC | agerstmayr, amctagga, aoconnor, bniver, flucifre, gmeno, jkurik, mbenjamin, mhackett, nathans, sostapov, vereddy | |
| TEJ RATHI | 2022-09-30 06:04:53 UTC | CC | gparvin, jramanat, njean, pahickey, stcannon | |
| TEJ RATHI | 2022-09-30 06:24:29 UTC | CC | jburrell, vkumar | |
| TEJ RATHI | 2022-09-30 06:27:25 UTC | CC | anstephe, avibelli, bgeorges, chazlett, clement.escoffier, dandread, dkreling, gsmet, hamadhan, jochrist, jwon, krathod, lthon, peholase, pgallagh, pjindal, probinso, rruss, rsvoboda, sbiarozk, sdouglas | |
| TEJ RATHI | 2022-09-30 06:28:59 UTC | Blocks | 2131159 | |
| Sandipan Roy | 2022-09-30 08:36:19 UTC | Depends On | 2131185, 2131186 | |
| Borja Tarraso | 2022-09-30 13:38:11 UTC | Depends On | 2131260 | |
| Sage McTaggart | 2022-10-07 17:35:26 UTC | Depends On | 2133063, 2133064, 2133062 | |
| Group | team ocp_embargoes | |||
| Marian Rehak | 2022-10-14 05:39:06 UTC | Group | qe_staff, security, team ocp_embargoes | |
| CC | go-sig, grafana-maint, scox | |||
| Summary | EMBARGOED CVE-2022-31130 grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | CVE-2022-31130 grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | ||
| Marian Rehak | 2022-10-14 05:39:25 UTC | Depends On | 2134707 | |
| Sage McTaggart | 2022-10-14 18:02:07 UTC | Depends On | 2134937 | |
| Sage McTaggart | 2022-10-14 18:09:46 UTC | Doc Text | A flaw was found with Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This could result the destination plugin receiving a Grafana authentication token of the user, resulting in an impact to confidentiality if an attacker use the authentication token. | |
| Paige Jung | 2022-10-14 18:32:10 UTC | Doc Text | A flaw was found with Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This could result the destination plugin receiving a Grafana authentication token of the user, resulting in an impact to confidentiality if an attacker use the authentication token. | A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker. |
| Red Hat Bugzilla | 2022-10-28 13:13:08 UTC | CC | krathod | |
| Red Hat Bugzilla | 2023-01-01 05:32:56 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:20 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:54 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:02:13 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:34:28 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:43:31 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:53 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:19:28 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:29:04 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| errata-xmlrpc | 2023-06-15 16:01:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:3642 | |
| Red Hat Bugzilla | 2023-07-07 08:34:48 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 2131146