Issue CVE-2025-68121 - Grafana 10.4.19_security_01-1

[J.Wick]

Server operating system version

Rocky 8.10 x86_64

Plesk version and microupdate number

18.0.76.3

During session resumption in crypto/TLS, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config. Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
https://www.cve.org/CVERecord?id=CVE-2025-68121
https://www.cve.org/CVERecord?id=CVE-2025-68121

Please fix.

 

[Sebahat.hadzhi]

Hi, @J.Wick . Our team is already working on addressing the vulnerabilities. The update has already been performed and it is currently in the testing stage, so it should be released soon.