CVE-2022-39201

medium

Published 2023-11-07 · Modified 2023-11-14

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

5.5

Description

Moderate: grafana security and enhancement update

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6420.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2184483

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2161274

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2158420

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2148252

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2138015

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2138014

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2131148

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2131147

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2131146

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-39201.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6420

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected

Ecosystem	Package	Vulnerable	Fixed
Go	github.com/grafana/grafana	`>=5.0.0-beta1,<8.5.14`	`8.5.14`
Go	github.com/grafana/grafana	`>=9.0.0,<9.1.8`	`9.1.8`
Go	github.com/grafana/grafana	`>=5.0.0-beta1+incompatible`

Verify integrity in audit chain (admin only). AS-IS.