VIR Vulnerability Intelligence Relay

CVE-2022-31107

high
Published 2022-07-26 · Modified 2022-07-28
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVSS v2
VIR risk
8.0

Description

Important: grafana security update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2022-5716.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2022-5717.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2104367

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2022:5717

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2022:5716

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2022:5717

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-31107.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2022:5716

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
suse slesaffected
rockylinux rocky8fixed
rockylinux rocky9fixed

Package impact
EcosystemPackageVulnerableFixed
golang Gogithub.com/grafana/grafana>=5.3.0-beta1,<8.3.108.3.10
golang Gogithub.com/grafana/grafana>=8.4.0,<8.4.108.4.10
golang Gogithub.com/grafana/grafana>=8.5.0,<8.5.98.5.9
golang Gogithub.com/grafana/grafana>=9.0.0,<9.0.39.0.3
golang Gogithub.com/grafana/grafana

References

Verify integrity in audit chain (admin only). AS-IS.