Back to bug 2167266
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-02-06 05:18:51 UTC | CC | amctagga, aoconnor, bniver, flucifre, gmeno, gparvin, grafana-maint, jkurik, jwendell, mbenjamin, mhackett, nathans, njean, ovanders, owatkins, pahickey, rcernich, scox, sostapov, stcannon, teagle, vereddy | |
| Sandipan Roy | 2023-02-06 05:44:03 UTC | Depends On | 2167271, 2167270 | |
| Avinash Hanwate | 2023-02-07 08:51:30 UTC | Doc Text | A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. | |
| Avinash Hanwate | 2023-02-07 08:52:39 UTC | Depends On | 2167664, 2167665 | |
| RaTasha Tillery-Smith | 2023-02-07 13:48:10 UTC | Doc Text | A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. | A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user’s session. |
| CC | dfreiber, jburrell, rogbas, vkumar | |||
| Red Hat Bugzilla | 2023-07-07 08:30:50 UTC | Assignee | security-response-team | nobody |
Back to bug 2167266