HomeFreeBSD

www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities)

Description

www/grafana{8,9}: Update to 8.5.15 and 9.2.4 (fixes security vulnerabilities)

  • CVE-2022-31123 - Plugin signature bypass
  • CVE-2022-31130 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
  • CVE-2022-39201 - Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
  • CVE-2022-39229 - Improper authentication
  • CVE-2022-39306 - Privilege escalation
  • CVE-2022-39307 - Username enumeration
  • CVE-2022-39328 - Privilege escalation (Critical)

https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/

https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/

ChangeLog: https://github.com/grafana/grafana/releases/tag/v8.5.15

		https://github.com/grafana/grafana/releases/tag/v9.2.2
		https://github.com/grafana/grafana/releases/tag/v9.2.3
		https://github.com/grafana/grafana/releases/tag/v9.2.4

PR: 267728
MFH: 2022Q4
Security: 0a80f159-629b-11ed-9ca2-6c3be5272acd

		6eb6a442-629a-11ed-9ca2-6c3be5272acd
		db895ed0-6298-11ed-9ca2-6c3be5272acd
		4e60d660-6298-11ed-9ca2-6c3be5272acd
		6f6c9420-6297-11ed-9ca2-6c3be5272acd
		6877e164-6296-11ed-9ca2-6c3be5272acd
		909a80ba-6294-11ed-9ca2-6c3be5272acd

(cherry picked from commit c01da721e69d9ae724afef61bdb196543c86a461)

Details

Provenance
drtr0jan_yandex.ruAuthored on Nov 13 2022, 12:12 AM
eduardoCommitted on Nov 13 2022, 12:48 AM
Parents
R11:56377235cba5: www/grafana9: Update to 9.2.1
Branches
Unknown
Tags
Unknown