Back to bug 2168037
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-02-08 05:07:19 UTC | CC | security-response-team | |
| Sandipan Roy | 2023-02-08 05:16:17 UTC | CC | amctagga, aoconnor, bniver, flucifre, gmeno, gparvin, jkurik, jwendell, mbenjamin, mhackett, nathans, njean, ovanders, owatkins, pahickey, rcernich, scox, sostapov, stcannon, teagle, vereddy | |
| Avinash Hanwate | 2023-02-08 05:18:02 UTC | Blocks | 2168039 | |
| Jan Kurik | 2023-02-08 05:50:15 UTC | Doc Type | --- | If docs needed, set a value |
| RaTasha Tillery-Smith | 2023-02-08 13:03:37 UTC | Doc Text | A flaw was found in the grafana package. A malicious user with the ability to introduce trace data could provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus getting access to the admin account. | A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus gaining access to the admin account. |
| Avinash Hanwate | 2023-02-21 10:45:33 UTC | Group | team ocp_embargoes | |
| Avinash Hanwate | 2023-02-21 10:50:25 UTC | Depends On | 2172060 | |
| TEJ RATHI | 2023-02-21 12:19:53 UTC | Depends On | 2172079, 2172081, 2172082, 2172078, 2172076, 2172080, 2172077 | |
| Guilherme de Almeida Suckevicz | 2023-03-01 18:23:46 UTC | Group | qe_staff, security, team ocp_embargoes | |
| CC | dfreiber, grafana-maint, jburrell, rogbas, vkumar | |||
| Summary | EMBARGOED CVE-2023-0594 grafana: cross site scripting | CVE-2023-0594 grafana: cross site scripting | ||
| Guilherme de Almeida Suckevicz | 2023-03-01 18:24:04 UTC | Depends On | 2174476 | |
| Red Hat Bugzilla | 2023-07-07 08:33:11 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 2168037