vulnerability

FreeBSD: VID-4e60d660-6298-11ed-9ca2-6c3be5272acd (CVE-2022-31123): Grafana -- Plugin signature bypass

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:M/C:C/I:C/A:P)	Nov 12, 2022	Nov 13, 2022	Dec 10, 2025

Severity

CVSS

(AV:L/AC:M/Au:M/C:C/I:C/A:P)

Published

Nov 12, 2022

Added

Nov 13, 2022

Modified

Dec 10, 2025

Description

Grafana Labs reports: On July 4th as a result of an internal security audit we have discovered a bypass in the plugin signature verification by exploiting a versioning flaw. We believe that this vulnerability is rated at CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L).

Solutions

freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9

References

CVE-2022-31123
https://attackerkb.com/topics/CVE-2022-31123
CWE-347

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today