x/vulndb: potential Go vuln in github.com/grafana/grafana: GHSA-m25m-5778-fm22 #2519

Closed
GoVulnBot opened this issue Feb 1, 2024 · 3 comments

@GoVulnBot

In GitHub Security Advisory GHSA-m25m-5778-fm22, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/grafana/grafana | 7.2.1 | >= 6.0, < 7.2.1 |

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/grafana/grafana
      versions:
        - introduced: 6.0.0
          fixed: 7.2.1
      packages:
        - package: github.com/grafana/grafana
summary: Grafana world readable configuration files
cves:
    - CVE-2020-12459
ghsas:
    - GHSA-m25m-5778-fm22
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-12459
    - report: https://github.com/grafana/grafana/issues/8283
    - web: https://access.redhat.com/security/cve/CVE-2020-12459
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1829724
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/
    - web: https://security.netapp.com/advisory/ntap-20200518-0004/
    - web: https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277
    - fix: https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00
    - advisory: https://github.com/advisories/GHSA-m25m-5778-fm22

@timothy-king

timothy-king commented Feb 1, 2024

Duplicate of #2513

@timothy-king timothy-king marked this as a duplicate of #2517 Feb 1, 2024
@timothy-king timothy-king marked this as a duplicate of #2513 Feb 1, 2024
@tatianab tatianab closed this as completed Feb 7, 2024
@tatianab tatianab removed the duplicate label Jul 2, 2024
@tatianab tatianab self-assigned this Jul 2, 2024
@tatianab tatianab reopened this Jul 2, 2024
@gopherbot

Change https://go.dev/cl/596175 mentions this issue: data/reports: add GO-2024-2519, update GO-2024-2833

@gopherbot

Change https://go.dev/cl/606358 mentions this issue: data/reports: regenerate 50 reports

gopherbot pushed a commit that referenced this issue Aug 19, 2024
  - data/reports/GO-2024-2428.yaml
  - data/reports/GO-2024-2442.yaml
  - data/reports/GO-2024-2444.yaml
  - data/reports/GO-2024-2445.yaml
  - data/reports/GO-2024-2446.yaml
  - data/reports/GO-2024-2447.yaml
  - data/reports/GO-2024-2448.yaml
  - data/reports/GO-2024-2449.yaml
  - data/reports/GO-2024-2450.yaml
  - data/reports/GO-2024-2478.yaml
  - data/reports/GO-2024-2485.yaml
  - data/reports/GO-2024-2486.yaml
  - data/reports/GO-2024-2488.yaml
  - data/reports/GO-2024-2499.yaml
  - data/reports/GO-2024-2501.yaml
  - data/reports/GO-2024-2505.yaml
  - data/reports/GO-2024-2508.yaml
  - data/reports/GO-2024-2509.yaml
  - data/reports/GO-2024-2511.yaml
  - data/reports/GO-2024-2513.yaml
  - data/reports/GO-2024-2514.yaml
  - data/reports/GO-2024-2515.yaml
  - data/reports/GO-2024-2517.yaml
  - data/reports/GO-2024-2519.yaml
  - data/reports/GO-2024-2520.yaml
  - data/reports/GO-2024-2523.yaml
  - data/reports/GO-2024-2540.yaml
  - data/reports/GO-2024-2541.yaml
  - data/reports/GO-2024-2566.yaml
  - data/reports/GO-2024-2568.yaml
  - data/reports/GO-2024-2569.yaml
  - data/reports/GO-2024-2576.yaml
  - data/reports/GO-2024-2578.yaml
  - data/reports/GO-2024-2579.yaml
  - data/reports/GO-2024-2580.yaml
  - data/reports/GO-2024-2582.yaml
  - data/reports/GO-2024-2588.yaml
  - data/reports/GO-2024-2589.yaml
  - data/reports/GO-2024-2590.yaml
  - data/reports/GO-2024-2591.yaml
  - data/reports/GO-2024-2592.yaml
  - data/reports/GO-2024-2593.yaml
  - data/reports/GO-2024-2594.yaml
  - data/reports/GO-2024-2595.yaml
  - data/reports/GO-2024-2597.yaml
  - data/reports/GO-2024-2629.yaml
  - data/reports/GO-2024-2635.yaml
  - data/reports/GO-2024-2636.yaml
  - data/reports/GO-2024-2637.yaml
  - data/reports/GO-2024-2641.yaml

Updates #2428
Updates #2442
Updates #2444
Updates #2445
Updates #2446
Updates #2447
Updates #2448
Updates #2449
Updates #2450
Updates #2478
Updates #2485
Updates #2486
Updates #2488
Updates #2499
Updates #2501
Updates #2505
Updates #2508
Updates #2509
Updates #2511
Updates #2513
Updates #2514
Updates #2515
Updates #2517
Updates #2519
Updates #2520
Updates #2523
Updates #2540
Updates #2541
Updates #2566
Updates #2568
Updates #2569
Updates #2576
Updates #2578
Updates #2579
Updates #2580
Updates #2582
Updates #2588
Updates #2589
Updates #2590
Updates #2591
Updates #2592
Updates #2593
Updates #2594
Updates #2595
Updates #2597
Updates #2629
Updates #2635
Updates #2636
Updates #2637
Updates #2641

Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>