Search before asking
What happened
Our internal Qualys scan reports a Grafana authentication bypass vulnerability.
Grafana has released a patch addressing the issue. For more information please refer to the Grafana Security Advisory (https://grafana.com/blog/2023/...-cve-2023-3128/)
Patch: Following are links for downloading patches to fix the vulnerabilities: Grafana Security Advisory (https://grafana.com/blog/2023/...-cve-2023-3128/)
What do you expect to happen
According to my investigations, this can be fixed by using Grafana version 9.5.5 or higher.
I expect a change of the used Dockerfile:
https://github.com/apache/incubator-devlake/blob/main/grafana/Dockerfile#L26
FROM grafana/grafana:9.5.5
How to reproduce
Please see also:
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
Anything else
No response
Version
v0.19.0-beta6
Are you willing to submit PR?
Code of Conduct