x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-4724-7jwc-3fpw #2867

GoVulnBot · 2024-05-20T21:01:24Z

In GitHub Security Advisory GHSA-4724-7jwc-3fpw, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/grafana/grafana	8.5.16	< 8.5.16

Cross references:

Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-41244 #259 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43798 #275 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43813 #276 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43815 #277 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21673 #296 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21702 #311 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21703 #312 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21713 #313 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2018-18623 #342 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api: GHSA-rgjg-66cx-5x9m #707 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api/avatar: GHSA-wc9w-wvq2-ffm9 #753 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-27358, GHSA-h5rh-w6vm-9ghc #773 #773 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-39226, GHSA-69j6-29vr-p3j9 #934 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7rqg-hjwc-6mjf #1599 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-hjv9-hm2f-rpcj #1603 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xw5p-hw8j-xg4q #1604 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3cgw-hfw7-wc7j #1673 NOT_A_VULNERABILITY
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-qrrg-gw7w-vp76 #1674 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7phr-6cc9-4m5q #1680 NOT_GO_CODE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-wm7r-3qxj-5xgq #1843 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x2w4-c67p-g44j #1844 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-cvm3-pp2j-chr3 #1856 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mpv3-g8m3-3fjc #1875 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x5fh-fvvr-892f #1964 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-fw9c-75hh-89p6 #2120 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-6wh2-8hw7-jw94 #2483 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-v5gq-qvjq-8p53 #2510 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3jq7-8ph8-63xm #2513 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7m2x-qhrq-rp8h #2515 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-9hv8-4frf-cprf #2516 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-ccmg-w4xm-p28v #2517 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mvpr-q6rh-8vrp #2520 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xr3x-62qw-vc4w #2523 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3hv4-r2fm-h27f #2551 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/tsdb/mysql: GHSA-4pwp-cx67-5cpx #2661

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/grafana/grafana
      versions:
        - fixed: 8.5.16
        - introduced: 9.0.0
          fixed: 9.2.8
      packages:
        - package: github.com/grafana/grafana
summary: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
cves:
    - CVE-2022-39324
ghsas:
    - GHSA-4724-7jwc-3fpw
references:
    - advisory: https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
    - fix: https://github.com/grafana/grafana/pull/60232
    - fix: https://github.com/grafana/grafana/pull/60256
    - fix: https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a
    - fix: https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c
source:
    id: GHSA-4724-7jwc-3fpw
    created: 2024-05-20T21:01:23.835616249Z

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-04T20:42:39Z

Change https://go.dev/cl/590277 mentions this issue: data/reports: add 26 unreviewed reports

gopherbot · 2024-08-16T21:19:28Z

Change https://go.dev/cl/606359 mentions this issue: data/reports: regenerate 50 reports

- data/reports/GO-2024-2642.yaml - data/reports/GO-2024-2644.yaml - data/reports/GO-2024-2645.yaml - data/reports/GO-2024-2664.yaml - data/reports/GO-2024-2665.yaml - data/reports/GO-2024-2675.yaml - data/reports/GO-2024-2684.yaml - data/reports/GO-2024-2690.yaml - data/reports/GO-2024-2697.yaml - data/reports/GO-2024-2704.yaml - data/reports/GO-2024-2707.yaml - data/reports/GO-2024-2718.yaml - data/reports/GO-2024-2719.yaml - data/reports/GO-2024-2728.yaml - data/reports/GO-2024-2741.yaml - data/reports/GO-2024-2752.yaml - data/reports/GO-2024-2757.yaml - data/reports/GO-2024-2769.yaml - data/reports/GO-2024-2792.yaml - data/reports/GO-2024-2801.yaml - data/reports/GO-2024-2815.yaml - data/reports/GO-2024-2843.yaml - data/reports/GO-2024-2844.yaml - data/reports/GO-2024-2847.yaml - data/reports/GO-2024-2848.yaml - data/reports/GO-2024-2851.yaml - data/reports/GO-2024-2852.yaml - data/reports/GO-2024-2854.yaml - data/reports/GO-2024-2855.yaml - data/reports/GO-2024-2856.yaml - data/reports/GO-2024-2857.yaml - data/reports/GO-2024-2858.yaml - data/reports/GO-2024-2866.yaml - data/reports/GO-2024-2867.yaml - data/reports/GO-2024-2877.yaml - data/reports/GO-2024-2886.yaml - data/reports/GO-2024-2891.yaml - data/reports/GO-2024-2898.yaml - data/reports/GO-2024-2901.yaml - data/reports/GO-2024-2902.yaml - data/reports/GO-2024-2905.yaml - data/reports/GO-2024-2911.yaml - data/reports/GO-2024-2917.yaml - data/reports/GO-2024-2919.yaml - data/reports/GO-2024-2922.yaml - data/reports/GO-2024-2939.yaml - data/reports/GO-2024-2941.yaml - data/reports/GO-2024-2972.yaml - data/reports/GO-2024-2981.yaml - data/reports/GO-2024-2987.yaml Updates #2642 Updates #2644 Updates #2645 Updates #2664 Updates #2665 Updates #2675 Updates #2684 Updates #2690 Updates #2697 Updates #2704 Updates #2707 Updates #2718 Updates #2719 Updates #2728 Updates #2741 Updates #2752 Updates #2757 Updates #2769 Updates #2792 Updates #2801 Updates #2815 Updates #2843 Updates #2844 Updates #2847 Updates #2848 Updates #2851 Updates #2852 Updates #2854 Updates #2855 Updates #2856 Updates #2857 Updates #2858 Updates #2866 Updates #2867 Updates #2877 Updates #2886 Updates #2891 Updates #2898 Updates #2901 Updates #2902 Updates #2905 Updates #2911 Updates #2917 Updates #2919 Updates #2922 Updates #2939 Updates #2941 Updates #2972 Updates #2981 Updates #2987 Change-Id: I2dff127628eabc7c25afa4020c15a4d35a46a2c4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606359 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 69991d5 Jun 5, 2024

GoVulnBot mentioned this issue Aug 20, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-hh8p-374f-qgr5 #3079

Closed

This was referenced Oct 25, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-q99m-qcv4-fpm7 #3215

Closed

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-66c4-2g2v-54qw #3240

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-4724-7jwc-3fpw #2867

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-4724-7jwc-3fpw #2867

GoVulnBot commented May 20, 2024

gopherbot commented Jun 4, 2024

gopherbot commented Aug 16, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-4724-7jwc-3fpw #2867

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-4724-7jwc-3fpw #2867

Comments

GoVulnBot commented May 20, 2024

gopherbot commented Jun 4, 2024

gopherbot commented Aug 16, 2024