Back to bug 2138014
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Nick Tait | 2022-10-26 21:20:54 UTC | CC | security-response-team | |
| Sage McTaggart | 2022-10-27 00:01:58 UTC | Depends On | 2138033, 2138032, 2138031 | |
| Sandipan Roy | 2022-10-27 06:08:17 UTC | Depends On | 2138069, 2138068 | |
| Borja Tarraso | 2022-10-27 20:04:44 UTC | Depends On | 2138264 | |
| Red Hat Bugzilla | 2022-10-28 13:13:02 UTC | CC | krathod | |
| Avinash Hanwate | 2022-11-09 04:44:05 UTC | CC | grafana-maint | |
| | | Group | qe_staff, security | |
| | | Summary | EMBARGOED CVE-2022-39306 grafana: email addresses and usernames cannot be trusted | CVE-2022-39306 grafana: email addresses and usernames cannot be trusted |
| Avinash Hanwate | 2022-11-09 04:45:00 UTC | Depends On | 2141184 | |
| Nick Tait | 2022-11-11 18:22:09 UTC | CC | jburrell, vkumar | |
| Nick Tait | 2022-11-11 18:38:48 UTC | Fixed In Version | grafana 9.2.4 grafana 8.5.15 | |
| Nick Tait | 2022-11-11 21:29:14 UTC | Doc Text | An authentication bypass flaw was discovered in Grafana which might allow a remote unauthenticated attacker to create an account and provide access to a certain organization. This could be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity. | |
| Paige Jung | 2022-11-14 15:14:29 UTC | Doc Text | An authentication bypass flaw was discovered in Grafana which might allow a remote unauthenticated attacker to create an account and provide access to a certain organization. This could be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity. | An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity. |
| Red Hat Bugzilla | 2023-01-01 05:32:28 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:17 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:33 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:01:57 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:33:56 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:42:48 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:24 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:19:28 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:29:04 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-02-03 23:11:31 UTC | CC | ovanders | |
| errata-xmlrpc | 2023-06-15 16:01:18 UTC | Link ID | Red Hat Product Errata RHSA-2023:3642 | |
| Red Hat Bugzilla | 2023-07-07 08:30:06 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |