{"schema_version":"1.7.2","id":"OESA-2024-2260","modified":"2024-10-18T11:09:23Z","published":"2024-10-18T11:09:23Z","upstream":["CVE-2022-39229"],"summary":"grafana security update","details":"Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. 
There are no workarounds for this issue.(CVE-2022-39229)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"grafana","purl":"pkg:rpm/openEuler/grafana\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["grafana-7.5.15-7.oe2203sp1.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp1.aarch64.rpm"],"src":["grafana-7.5.15-7.oe2203sp1.src.rpm"],"x86_64":["grafana-7.5.15-7.oe2203sp1.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"grafana","purl":"pkg:rpm/openEuler/grafana\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2403"}]}],"ecosystem_specific":{"aarch64":["grafana-7.5.15-7.oe2403.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2403.aarch64.rpm"],"src":["grafana-7.5.15-7.oe2403.src.rpm"],"x86_64":["grafana-7.5.15-7.oe2403.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2403.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"grafana","purl":"pkg:rpm/openEuler/grafana\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["grafana-7.5.15-7.oe2203sp4.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp4.aarch64.rpm"],"src":["grafana-7.5.15-7.oe2203sp4.src.rpm"],"x86_64":["grafana-7.5.15-7.oe2203sp4.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"grafana","purl":"pkg:rpm/openEuler/grafana\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["grafana-7.5.15-7.oe2203sp3.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp3.aarch64.rpm"],"src":["grafana-7.5.15-7.oe2203sp3.src.rpm"],"x86_64":["grafana-7.5.15-7.oe2203s
p3.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"grafana","purl":"pkg:rpm/openEuler/grafana\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["grafana-7.5.15-7.oe2003sp4.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2003sp4.aarch64.rpm"],"src":["grafana-7.5.15-7.oe2003sp4.src.rpm"],"x86_64":["grafana-7.5.15-7.oe2003sp4.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2260"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39229"}],"database_specific":{"severity":"Medium"}}