CVE-2023-3128

critical

Published 2023-07-12 · Modified 2023-07-12

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVSS v2

—

VIR risk

9.5

Description

Critical: grafana security update

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-4030.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-6972.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2213626

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:6972

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:4030

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-3128.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6420

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:4030

OS	Version	Status
rhel	9	fixed
sles		affected
rocky	9	fixed

Ecosystem	Package	Vulnerable	Fixed
Go	github.com/grafana/grafana	`>=9.4.0,<9.4.13`	`9.4.13`
Go	github.com/grafana/grafana	`>=9.3.0,<9.3.16`	`9.3.16`
Go	github.com/grafana/grafana	`>=9.0.0,<9.2.20`	`9.2.20`
Go	github.com/grafana/grafana	`<8.5.27`	`8.5.27`

Verify integrity in audit chain (admin only). AS-IS.