CVE-2022-31123: Plugin signature bypass It is possible to bypass plugin signatures by exploiting a versioning flaw in Grafana. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins <https://go.grafana.com/MzU2LVlGRy0zODkAAAGHKffeRdXtITNJ57jRLGNoDYneVd-OEEcBdv-IjxVZkAZ_sJruum93h2vIohJ4utenGSY7smU=> are not allowed. Affected versions: Grafana <= 9.1.x
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2134708]
This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6420 https://access.redhat.com/errata/RHSA-2023:6420