Missing CVE-2023-4822 in grafana metadata package

Open Rebits opened this issue 9 months ago • 2 comments

Description

It has been detected in Additional Vulnerability Detection End-to-End that the Vulnerability Detector E2E grafana package metadata vulnerabilities do not contain CVE-2023-4822. It is necessary to include it for all the affected grafana versions.

Rebits avatar Apr 30 '24 12:04 Rebits

Regarding https://nvd.nist.gov/vuln/detail/CVE-2023-4822, this vulnerability affects the following grafana packages:

image

Currently, E2E test packages that should include this vulnerability are:

  • grafana-8.5.5
  • grafana-8.5.6
  • grafana-9.2.0
  • grafana-9.1.1
  • grafana-9.2.1
  • grafana-10.0.0

No substantial change is necessary in the test case because the expected nonvulnerable packages (grafana-9.5.13, grafana-9.4.17) are still not vulnerable.


CVE-2023-4822 included in d19ab01a36c2f6bcf438c7dc675f5c24a76420be


Currently testing in a local environment. Further information regarding changes will be provided when the test is over.

Rebits avatar May 03 '24 08:05 Rebits

LGTM

santipadilla avatar May 07 '24 09:05 santipadilla