x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-5mxf-42f5-j782 #2629

GoVulnBot · 2024-03-07T20:01:24Z

In GitHub Security Advisory GHSA-5mxf-42f5-j782, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/grafana/grafana	10.3.4	>= 10.3.0, < 10.3.4

Cross references:

Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-41244 #259 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43798 #275 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43813 #276 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43815 #277 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21673 #296 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21702 #311 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21703 #312 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21713 #313 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2018-18623 #342 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api: GHSA-rgjg-66cx-5x9m #707 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api/avatar: GHSA-wc9w-wvq2-ffm9 #753 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-27358, GHSA-h5rh-w6vm-9ghc #773 #773 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-39226, GHSA-69j6-29vr-p3j9 #934 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7rqg-hjwc-6mjf #1599 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-hjv9-hm2f-rpcj #1603 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xw5p-hw8j-xg4q #1604 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3cgw-hfw7-wc7j #1673 NOT_A_VULNERABILITY
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-qrrg-gw7w-vp76 #1674 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7phr-6cc9-4m5q #1680 NOT_GO_CODE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-wm7r-3qxj-5xgq #1843 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x2w4-c67p-g44j #1844 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-cvm3-pp2j-chr3 #1856 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mpv3-g8m3-3fjc #1875 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x5fh-fvvr-892f #1964 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-fw9c-75hh-89p6 #2120 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-6wh2-8hw7-jw94 #2483 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-v5gq-qvjq-8p53 #2510 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3jq7-8ph8-63xm #2513 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7m2x-qhrq-rp8h #2515 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-9hv8-4frf-cprf #2516 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-ccmg-w4xm-p28v #2517 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mvpr-q6rh-8vrp #2520 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xr3x-62qw-vc4w #2523 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3hv4-r2fm-h27f #2551 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/grafana/grafana
      versions:
        - introduced: 10.3.0
          fixed: 10.3.4
      packages:
        - package: github.com/grafana/grafana
    - module: github.com/grafana/grafana
      versions:
        - introduced: 10.2.0
          fixed: 10.2.5
      packages:
        - package: github.com/grafana/grafana
    - module: github.com/grafana/grafana
      versions:
        - introduced: 10.1.0
          fixed: 10.1.8
      packages:
        - package: github.com/grafana/grafana
    - module: github.com/grafana/grafana
      versions:
        - introduced: 10.0.0
          fixed: 10.0.12
      packages:
        - package: github.com/grafana/grafana
    - module: github.com/grafana/grafana
      versions:
        - introduced: 8.5.0
          fixed: 9.5.7
      packages:
        - package: github.com/grafana/grafana
summary: |-
    Grafana's users with permissions to create a data source can CRUD all data
    sources
cves:
    - CVE-2024-1442
ghsas:
    - GHSA-5mxf-42f5-j782
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-1442
    - web: https://grafana.com/security/security-advisories/cve-2024-1442
    - advisory: https://github.com/advisories/GHSA-5mxf-42f5-j782

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:57:39Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

gopherbot · 2024-06-04T20:42:54Z

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports

gopherbot · 2024-08-16T21:16:47Z

Change https://go.dev/cl/606358 mentions this issue: data/reports: regenerate 50 reports

- data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2519.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2566.yaml - data/reports/GO-2024-2568.yaml - data/reports/GO-2024-2569.yaml - data/reports/GO-2024-2576.yaml - data/reports/GO-2024-2578.yaml - data/reports/GO-2024-2579.yaml - data/reports/GO-2024-2580.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2597.yaml - data/reports/GO-2024-2629.yaml - data/reports/GO-2024-2635.yaml - data/reports/GO-2024-2636.yaml - data/reports/GO-2024-2637.yaml - data/reports/GO-2024-2641.yaml Updates #2428 Updates #2442 Updates #2444 Updates #2445 Updates #2446 Updates #2447 Updates #2448 Updates #2449 Updates #2450 Updates #2478 Updates #2485 Updates #2486 Updates #2488 Updates #2499 Updates #2501 Updates #2505 Updates #2508 Updates #2509 Updates #2511 Updates #2513 Updates #2514 Updates #2515 Updates #2517 Updates #2519 Updates #2520 Updates #2523 Updates #2540 Updates #2541 Updates #2566 Updates #2568 Updates #2569 Updates #2576 Updates #2578 Updates #2579 Updates #2580 Updates #2582 Updates #2588 Updates #2589 Updates #2590 Updates #2591 Updates #2592 Updates #2593 Updates #2594 Updates #2595 Updates #2597 Updates #2629 Updates #2635 Updates #2636 Updates #2637 Updates #2641 Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

maceonthompson self-assigned this Mar 11, 2024

tatianab added possibly not Go and removed possibly not Go labels May 14, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 8ed6db9 Jun 5, 2024

GoVulnBot mentioned this issue Aug 20, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-hh8p-374f-qgr5 #3079

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-5mxf-42f5-j782 #2629

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-5mxf-42f5-j782 #2629

GoVulnBot commented Mar 7, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024

gopherbot commented Aug 16, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-5mxf-42f5-j782 #2629

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-5mxf-42f5-j782 #2629

Comments

GoVulnBot commented Mar 7, 2024

gopherbot commented Apr 30, 2024

gopherbot commented Jun 4, 2024

gopherbot commented Aug 16, 2024