vulnerability

Alma Linux: CVE-2022-31123: Moderate: grafana security and enhancement update (ALSA-2023-6420)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:M/C:C/I:C/A:P)	Oct 13, 2022	Nov 16, 2023	Mar 31, 2026

Severity

CVSS

(AV:L/AC:M/Au:M/C:C/I:C/A:P)

Published

Oct 13, 2022

Added

Nov 16, 2023

Modified

Mar 31, 2026

Description

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

Solution

alma-upgrade-grafana

References

CVE-2022-31123
https://attackerkb.com/topics/CVE-2022-31123
CWE-347
EUVD-EUVD-2024-1774
https://errata.almalinux.org/9/ALSA-2023-6420.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-1774

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report