{"id":"RHSA-2022:8057","summary":"Red Hat Security Advisory: grafana security, bug fix, and enhancement update","modified":"2026-04-08T10:01:19Z","published":"2024-09-30T14:26:41Z","upstream":["CVE-2021-23648","CVE-2022-1705","CVE-2022-1962","CVE-2022-21673","CVE-2022-21698","CVE-2022-21702","CVE-2022-21703","CVE-2022-21713","CVE-2022-28131","CVE-2022-30630","CVE-2022-30631","CVE-2022-30632","CVE-2022-30633","CVE-2022-30635","CVE-2022-32148"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:8057"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044628"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045880"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050648"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050742"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050743"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055349"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2065290"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2104367"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107342"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107371"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107374"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107376"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107383"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107390"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107392"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8057.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-23648"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-23648"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23648"},{"type":"ARTICLE","url":"https://github.com/braintree/sanitize-url/pull/40"},{"type":"ARTICLE","url":"https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1705"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-1705"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1705"},{"type":"ARTICLE","url":"https://go.dev/issue/53188"},{"type":"ARTICLE","url":"https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1962"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-1962"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1962"},{"type":"ARTICLE","url":"https://go.dev/issue/53616"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-21673"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-21673"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21673"},{"type":"ARTICLE","url":"https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-21698"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-21698"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21698"},{"type":"ARTICLE","url":"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-21702"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-21702"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21702"},{"type":"ARTICLE","url":"https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g"},{"type":"ARTICLE","url":"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-21703"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-21703"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21703"},{"type":"ARTICLE","url":"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-21713"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-21713"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21713"},{"type":"ARTICLE","url":"https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28131"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-28131"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28131"},{"type":"ARTICLE","url":"https://go.dev/issue/53614"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30630"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-30630"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30630"},{"type":"ARTICLE","url":"https://go.dev/issue/53415"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30631"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-30631"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30631"},{"type":"ARTICLE","url":"https://go.dev/issue/53168"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30632"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-30632"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30632"},{"type":"ARTICLE","url":"https://go.dev/issue/53416"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30633"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-30633"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30633"},{"type":"ARTICLE","url":"https://go.dev/issue/53611"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30635"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-30635"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30635"},{"type":"ARTICLE","url":"https://go.dev/issue/53615"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-32148"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-32148"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32148"},{"type":"ARTICLE","url":"https://go.dev/issue/53423"}],"affected":[{"package":{"name":"grafana","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/grafana"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.5.15-3.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:8057.json"}},{"package":{"name":"grafana-debuginfo","ecosystem":"Red Hat:enterprise_linux:9::appstream","purl":"pkg:rpm/redhat/grafana-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.5.15-3.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:8057.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}