vulnerability

CentOS Linux: CVE-2023-2801: Moderate: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update (CESA-2023:7740)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:N/I:N/A:C)
Published
Jun 6, 2023
Added
Dec 13, 2023
Modified
Jan 28, 2025

Description

Grafana is an open-source platform for monitoring and observability.

Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.

The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly.

This might enable malicious users to crash Grafana instances through that endpoint.

Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

Solutions

centos-upgrade-ceph-basecentos-upgrade-ceph-base-debuginfocentos-upgrade-ceph-commoncentos-upgrade-ceph-common-debuginfocentos-upgrade-ceph-debuginfocentos-upgrade-ceph-debugsourcecentos-upgrade-ceph-exporter-debuginfocentos-upgrade-ceph-fusecentos-upgrade-ceph-fuse-debuginfocentos-upgrade-ceph-immutable-object-cachecentos-upgrade-ceph-immutable-object-cache-debuginfocentos-upgrade-ceph-mds-debuginfocentos-upgrade-ceph-mgr-debuginfocentos-upgrade-ceph-mibcentos-upgrade-ceph-mon-debuginfocentos-upgrade-ceph-osd-debuginfocentos-upgrade-ceph-radosgw-debuginfocentos-upgrade-ceph-resource-agentscentos-upgrade-ceph-selinuxcentos-upgrade-ceph-test-debuginfocentos-upgrade-cephadmcentos-upgrade-cephadm-ansiblecentos-upgrade-cephfs-mirror-debuginfocentos-upgrade-cephfs-topcentos-upgrade-libcephfs-develcentos-upgrade-libcephfs2centos-upgrade-libcephfs2-debuginfocentos-upgrade-libcephsqlite-debuginfocentos-upgrade-librados-develcentos-upgrade-librados-devel-debuginfocentos-upgrade-libradospp-develcentos-upgrade-libradosstriper1centos-upgrade-libradosstriper1-debuginfocentos-upgrade-librbd-develcentos-upgrade-librgw-develcentos-upgrade-librgw2centos-upgrade-librgw2-debuginfocentos-upgrade-python3-ceph-argparsecentos-upgrade-python3-ceph-commoncentos-upgrade-python3-cephfscentos-upgrade-python3-cephfs-debuginfocentos-upgrade-python3-radoscentos-upgrade-python3-rados-debuginfocentos-upgrade-python3-rbdcentos-upgrade-python3-rbd-debuginfocentos-upgrade-python3-rgwcentos-upgrade-python3-rgw-debuginfocentos-upgrade-rbd-fuse-debuginfocentos-upgrade-rbd-mirror-debuginfocentos-upgrade-rbd-nbdcentos-upgrade-rbd-nbd-debuginfo

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report