{"id":"OESA-2024-2260","summary":"grafana security update","details":"Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.\r\n\r\nSecurity Fix(es):\r\n\r\nGrafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else's email address as a username. A Grafana user’s username and email address are unique fields, which means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an unusual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` from logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. 
There are no workarounds for this issue.(CVE-2022-39229)","modified":"2026-03-11T06:52:32.468576Z","published":"2024-10-18T11:09:23Z","upstream":["CVE-2022-39229"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2260"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39229"}],"affected":[{"package":{"name":"grafana","ecosystem":"openEuler:22.03-LTS-SP1","purl":"pkg:rpm/openEuler/grafana&distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp1"}]}],"ecosystem_specific":{"x86_64":["grafana-7.5.15-7.oe2203sp1.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp1.x86_64.rpm"],"src":["grafana-7.5.15-7.oe2203sp1.src.rpm"],"aarch64":["grafana-7.5.15-7.oe2203sp1.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp1.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-2260.json"}},{"package":{"name":"grafana","ecosystem":"openEuler:24.03-LTS","purl":"pkg:rpm/openEuler/grafana&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2403"}]}],"ecosystem_specific":{"x86_64":["grafana-7.5.15-7.oe2403.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2403.x86_64.rpm"],"src":["grafana-7.5.15-7.oe2403.src.rpm"],"aarch64":["grafana-7.5.15-7.oe2403.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2403.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-2260.json"}},{"package":{"name":"grafana","ecosystem":"openEuler:22.03-LTS-SP4","purl":"pkg:rpm/openEuler/grafana&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp4"}]}],"ecosystem_specific":{"x86_64":["grafana-7.5.15-7.oe2203sp4.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp4.x86_64.rpm"],"src":["grafana-7.5.15-7.oe2203sp4.src.rpm"],"aarc
h64":["grafana-7.5.15-7.oe2203sp4.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp4.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-2260.json"}},{"package":{"name":"grafana","ecosystem":"openEuler:22.03-LTS-SP3","purl":"pkg:rpm/openEuler/grafana&distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2203sp3"}]}],"ecosystem_specific":{"x86_64":["grafana-7.5.15-7.oe2203sp3.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp3.x86_64.rpm"],"src":["grafana-7.5.15-7.oe2203sp3.src.rpm"],"aarch64":["grafana-7.5.15-7.oe2203sp3.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2203sp3.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-2260.json"}},{"package":{"name":"grafana","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/grafana&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.5.15-7.oe2003sp4"}]}],"ecosystem_specific":{"x86_64":["grafana-7.5.15-7.oe2003sp4.x86_64.rpm","grafana-debuginfo-7.5.15-7.oe2003sp4.x86_64.rpm"],"src":["grafana-7.5.15-7.oe2003sp4.src.rpm"],"aarch64":["grafana-7.5.15-7.oe2003sp4.aarch64.rpm","grafana-debuginfo-7.5.15-7.oe2003sp4.aarch64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-2260.json"}}],"schema_version":"1.7.5"}