Back to bug 2148252

Who When What Removed Added
Pedro Sampaio 2022-11-24 17:48:47 UTC CC security-response-team
Pedro Sampaio 2022-11-24 17:50:25 UTC Blocks 2148254
Sandipan Roy 2022-11-25 03:15:40 UTC Depends On 2148331, 2148332
Avinash Hanwate 2022-11-25 07:31:29 UTC Depends On 2148355, 2148358, 2148356
Group team ocp_embargoes
Avinash Hanwate 2022-11-28 09:04:05 UTC Doc Text A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button.
Borja Tarraso 2022-11-28 16:26:15 UTC CC gparvin, njean, owatkins, pahickey, stcannon, teagle
Borja Tarraso 2022-11-28 16:26:52 UTC CC gparvin, njean, owatkins, pahickey, stcannon, teagle
Red Hat Bugzilla 2023-01-01 05:32:39 UTC CC amctagga
Red Hat Bugzilla 2023-01-01 05:47:08 UTC CC flucifre
Red Hat Bugzilla 2023-01-01 05:52:42 UTC CC mhackett
Red Hat Bugzilla 2023-01-01 06:02:31 UTC CC bniver
Red Hat Bugzilla 2023-01-01 08:35:03 UTC CC mbenjamin
Red Hat Bugzilla 2023-01-01 08:44:18 UTC CC sostapov
Red Hat Bugzilla 2023-01-01 08:49:03 UTC CC vereddy
Marian Rehak 2023-01-30 12:52:15 UTC CC amctagga, bniver, dfreiber, flucifre, grafana-maint, jmartisk, mbenjamin, mhackett, rogbas, sostapov, vereddy
Summary Removed: "EMBARGOED CVE-2022-39324 grafana: Spoofing of the originalUrl parameter of snapshots" Added: "CVE-2022-39324 grafana: Spoofing of the originalUrl parameter of snapshots"
Group team ocp_embargoes, qe_staff, security
Avinash Hanwate 2023-02-01 05:05:12 UTC Depends On 2166179
Red Hat Bugzilla 2023-02-03 23:11:33 UTC CC ovanders
errata-xmlrpc 2023-06-15 16:01:21 UTC Link ID Red Hat Product Errata RHSA-2023:3642
Red Hat Bugzilla 2023-07-07 08:31:25 UTC CC security-response-team
Assignee Removed: security-response-team Added: nobody
