openEuler update for grafana
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-39229 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system grafana-debuginfo Operating systems & Components / Operating system package or component grafana Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU72132
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-39229
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to deny access to the application.
The vulnerability exists due to a logic error in the authentication process, where application allows usage of the same email address by different accounts. A remote user can set an existing email address that belongs to another user as their username and prevent that user from accessing the application.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4 - 24.03 LTS
grafana-debuginfo: before 7.5.15-7
grafana: before 7.5.15-7
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:22.03:LTS SP3:*:*:*:*:*:*
- cpe:2.3:a:openeuler:grafana-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:grafana:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2260
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
