VDB
RHSA-2022%3A6322
RHSA-2022%3A6322
PUBLISHED
CVSS 7.300000190734863 HIGH
An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path.
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-openshift-controller-manager-rhel8@sha256:3a0b5e59f3e0638fde0bb20af475ccb65c9432127e6b8a5a421a1a29db654eab_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-openshift-controller-manager-rhel8@sha256:3a0b5e59f3e0638fde0bb20af475ccb65c9432127e6b8a5a421a1a29db654eab_ppc64le |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:da855caaa593d19fe27ab7860b966ded9cecf6580fc2549b494ff197225e04bb_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-csi-external-attacher@sha256:da855caaa593d19fe27ab7860b966ded9cecf6580fc2549b494ff197225e04bb_amd64 |
| Red Hat | openshift4/ose-oauth-server-rhel8@sha256:30c91ad6bddd66c1a79c3aecaf5623d340382191b4dfb8c0dda70ddca245a6d2_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:bf78d06bf019a57010a5047263c1ab8db1fc1772d70e47a14529af8a9af45f02_s390x as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:1aa136db5d195be99b1c40a8c88710a17ad5ec7cc5dd350169d630270528fe79_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:1aa136db5d195be99b1c40a8c88710a17ad5ec7cc5dd350169d630270528fe79_ppc64le |
| Red Hat | openshift4/ose-service-ca-operator@sha256:2c188f2e13f8a1dae09bff174c18d4d4aec6e32fadb933cdedfa33ae7db35026_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-service-ca-operator@sha256:2c188f2e13f8a1dae09bff174c18d4d4aec6e32fadb933cdedfa33ae7db35026_s390x |
| Red Hat | openshift4/ose-mdns-publisher-rhel8@sha256:4804995c0c7227705e83a9e8d86818df851365e28992afd5b019073c69563422_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-mdns-publisher-rhel8@sha256:4804995c0c7227705e83a9e8d86818df851365e28992afd5b019073c69563422_ppc64le |
| Red Hat | openshift4/ose-mdns-publisher-rhel8@sha256:00f0c11bece849027f29ca694b53d0850c3dc79e61f758a12d59d558911d71a7_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-mdns-publisher-rhel8@sha256:00f0c11bece849027f29ca694b53d0850c3dc79e61f758a12d59d558911d71a7_amd64 |
| Red Hat | openshift4/ose-installer@sha256:0737789a4c00f992fa1e385ae2807f80685f631c9da0f86cf6b9402e490d3407_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-ironic-rhel8@sha256:e65d633e8b25dbddb02614e9e7543928ebe6323f365e99a005c461b1fd54355b_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-ironic-rhel8@sha256:e65d633e8b25dbddb02614e9e7543928ebe6323f365e99a005c461b1fd54355b_ppc64le |
| Red Hat | openshift4/ose-pod@sha256:104d7602a6fce0a094b951e47eee5cbb4074b7b5b991c6ef81f0e45a9fbf908f_s390x as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-haproxy-router@sha256:0d845ecc4913f50b9e97821228084bc73ea5388d0288a5c15747accf85a33a9d_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-haproxy-router@sha256:0d845ecc4913f50b9e97821228084bc73ea5388d0288a5c15747accf85a33a9d_s390x |
| Red Hat | openshift4/ose-tools-rhel8@sha256:46cfc0b3bb4e08c1dbb5c96df4df1d6a0589777c48f7ceae76f3b91e53cad359_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-cluster-kube-apiserver-operator@sha256:3fb70732444dde130e2d1e43d1ee4ec3c6865b6e6f404638e2732f042577bddd_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cluster-kube-apiserver-operator@sha256:3fb70732444dde130e2d1e43d1ee4ec3c6865b6e6f404638e2732f042577bddd_amd64 |
| Red Hat | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:5e5f6d44e626b42007ec26226a08f2a4283bdbe0412ad26ee04121a2a0f03dd0_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:5e5f6d44e626b42007ec26226a08f2a4283bdbe0412ad26ee04121a2a0f03dd0_amd64 |
| Red Hat | openshift4/ose-cluster-policy-controller-rhel8@sha256:807d68810214fb572786499b771a3c5ea6142b3e50e8e73df0ae0bfa2295be7d_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cluster-policy-controller-rhel8@sha256:807d68810214fb572786499b771a3c5ea6142b3e50e8e73df0ae0bfa2295be7d_amd64 |
| Red Hat | openshift4/ose-vsphere-problem-detector-rhel8@sha256:f4dc576d35a4d56978e3db1815c9e2e82cc8fef490d7826b203d23a8f7544d9e_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-vsphere-problem-detector-rhel8@sha256:f4dc576d35a4d56978e3db1815c9e2e82cc8fef490d7826b203d23a8f7544d9e_ppc64le |
| Red Hat | openshift4/ose-vsphere-problem-detector-rhel8@sha256:67301112c76081f1c92c0591abf5614f2bd8ff09e58a5ce8ec31b26d700de5e0_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-cloud-credential-operator@sha256:9dba4ca62be1433ee7222cfe55929ef507842e2b728fbec289ade18dcd6acacb_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cloud-credential-operator@sha256:9dba4ca62be1433ee7222cfe55929ef507842e2b728fbec289ade18dcd6acacb_s390x |
| Red Hat | redhat/redhat-operator-index@sha256:11c0e9e42926dd6efe536bd610e8441b7f247cfadf457f914a940c98d04abd84_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | redhat/redhat-operator-index@sha256:11c0e9e42926dd6efe536bd610e8441b7f247cfadf457f914a940c98d04abd84_amd64 |
…and 378 more
Timeline
- Sep 13, 2022 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:6322 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1969870 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1994486 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2011063 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2113999 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2117078 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2117347 issue
- https://issues.redhat.com/browse/OCPBUGS-875 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6322.json advisory
- https://access.redhat.com/security/cve/CVE-2021-39226 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-39226 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-39226 advisory
- https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9 advisory
- https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit