x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-vw7q-p2qg-4m5f #2857

GoVulnBot · 2024-05-15T00:01:39Z

In GitHub Security Advisory GHSA-vw7q-p2qg-4m5f, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/grafana/grafana	8.3.10	>= 8.0.0, < 8.3.10

Cross references:

Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-41244 #259 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43798 #275 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43813 #276 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-43815 #277 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21673 #296 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21702 #311 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21703 #312 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2022-21713 #313 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2018-18623 #342 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api: GHSA-rgjg-66cx-5x9m #707 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/api/avatar: GHSA-wc9w-wvq2-ffm9 #753 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-27358, GHSA-h5rh-w6vm-9ghc #773 #773 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: CVE-2021-39226, GHSA-69j6-29vr-p3j9 #934 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7rqg-hjwc-6mjf #1599 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-hjv9-hm2f-rpcj #1603 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xw5p-hw8j-xg4q #1604 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3cgw-hfw7-wc7j #1673 NOT_A_VULNERABILITY
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-qrrg-gw7w-vp76 #1674 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7phr-6cc9-4m5q #1680 NOT_GO_CODE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-wm7r-3qxj-5xgq #1843 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x2w4-c67p-g44j #1844 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-cvm3-pp2j-chr3 #1856 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mpv3-g8m3-3fjc #1875 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-x5fh-fvvr-892f #1964 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-fw9c-75hh-89p6 #2120 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-6wh2-8hw7-jw94 #2483 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-v5gq-qvjq-8p53 #2510 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3jq7-8ph8-63xm #2513 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-7m2x-qhrq-rp8h #2515 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-9hv8-4frf-cprf #2516 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-ccmg-w4xm-p28v #2517 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-mvpr-q6rh-8vrp #2520 NOT_IMPORTABLE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-xr3x-62qw-vc4w #2523 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-3hv4-r2fm-h27f #2551 EFFECTIVELY_PRIVATE
Module github.com/grafana/grafana appears in issue x/vulndb: potential Go vuln in github.com/grafana/grafana/pkg/tsdb/mysql: GHSA-4pwp-cx67-5cpx #2661

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/grafana/grafana
      versions:
        - introduced: 8.0.0
          fixed: 8.3.10
        - introduced: 8.4.0
          fixed: 8.4.10
        - introduced: 8.5.0
          fixed: 8.5.9
        - introduced: 9.0.0
          fixed: 9.0.3
      packages:
        - package: github.com/grafana/grafana
summary: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
cves:
    - CVE-2022-31097
ghsas:
    - GHSA-vw7q-p2qg-4m5f
references:
    - advisory: https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f
    - web: https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9
    - web: https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3
    - web: https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10
    - web: https://security.netapp.com/advisory/ntap-20220901-0010
source:
    id: GHSA-vw7q-p2qg-4m5f

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-04T20:42:38Z

Change https://go.dev/cl/590277 mentions this issue: data/reports: add 26 unreviewed reports

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 69991d5 Jun 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-vw7q-p2qg-4m5f #2857

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-vw7q-p2qg-4m5f #2857

GoVulnBot commented May 15, 2024

gopherbot commented Jun 4, 2024

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-vw7q-p2qg-4m5f #2857

x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-vw7q-p2qg-4m5f #2857

Comments

GoVulnBot commented May 15, 2024

gopherbot commented Jun 4, 2024