Red Hat Product Errata RHSA-2023:6972 - Security Advisory

Issued: 2023-11-14
Updated: 2023-11-14


Synopsis

Moderate: grafana security and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open-source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2193250 - Rebase to Grafana v9.2 in RHEL 8.9
  • BZ - 2213626 - CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
  • BZ - 2224606 - grafana user is missing home directory in /etc/passwd

CVEs

  • CVE-2023-3128

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
x86_64
grafana-9.2.10-7.el8_9.x86_64.rpm SHA-256: 3862777dd9b3d950778e58c78346c404a8aa0294d4f1c39eea72b0838af6f85a
grafana-debuginfo-9.2.10-7.el8_9.x86_64.rpm SHA-256: b9071afc3e796f21770960aa8100f1f069c194c67a6901a76789ba2eafed4528
grafana-debugsource-9.2.10-7.el8_9.x86_64.rpm SHA-256: 96ed4863a4b748220a35f66029faf601877c0ec52d0182d32f58cc23c4a43350

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
s390x
grafana-9.2.10-7.el8_9.s390x.rpm SHA-256: d70f1bd5492c541ae1bc8b6d20c45ca88d10dafa821e1b002b0afd5087b56fe3
grafana-debuginfo-9.2.10-7.el8_9.s390x.rpm SHA-256: 534d62cda97a9bdba0a742789ed6da1fb4b432119db55a2f29efa628f4b4228e
grafana-debugsource-9.2.10-7.el8_9.s390x.rpm SHA-256: 05bc814f3d198b9bb7425e0c3811402a8196fbc34945ee0f49ed5f35dfd23c80

Red Hat Enterprise Linux for Power, little endian 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
ppc64le
grafana-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f164249cf767d80564cb3b54e14ce184adfe4767b199d9497f84577f01b83e1
grafana-debuginfo-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f3a9e99a97cf56534dd67e0e5a5edb6c236ba3337e9f2c086f708c86f281713
grafana-debugsource-9.2.10-7.el8_9.ppc64le.rpm SHA-256: f68a042986edbeb475c85a27204b45eef84654a7fa28d25466f2e79af3facca5

Red Hat Enterprise Linux for ARM 64 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
aarch64
grafana-9.2.10-7.el8_9.aarch64.rpm SHA-256: 41975afcda420bbe6f2d87383052f7d78d3dc48931b4b43323d0ba67ae99e419
grafana-debuginfo-9.2.10-7.el8_9.aarch64.rpm SHA-256: ace8e9f2309cc887130dd63280bb16db0c0bfa6ef5b0f7eb609f9216bad76b78
grafana-debugsource-9.2.10-7.el8_9.aarch64.rpm SHA-256: 738a3525858146a033712e4858546dd78c4a7973e3bf3fd7ba052bd9386c344d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
