Описание
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.
A race condition was found in Grafana in the middleware logic that could allow bypassing authentication. This flaw allows an unauthenticated user to successfully query an administration endpoint under a heavy load by using a load testing script hitting specific endpoints.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/grafana-rhel8 | Not affected | ||
| OpenShift Service Mesh 2.0 | openshift-service-mesh/grafana-rhel8 | Not affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | ||
| OpenShift Service Mesh 2.1 | openshift-service-mesh/grafana-rhel8 | Not affected | ||
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat build of Quarkus | grafana | Not affected | ||
| Red Hat Ceph Storage 3 | grafana | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.
Grafana is an open-source platform for monitoring and observability. V ...
Grafana Race condition allowing privilege escalation
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с параллельным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю повысить свои привилегии
EPSS
8.1 High
CVSS3