Question Grafana update for cve-2023-6152 still missing in https://autoinstall.plesk.com/grafana/deb

theunknownstuntman · Mar 1, 2024

Hi,

when may I expect the delivery of the patched grafana versions to 10.3.3, 10.2.4, 10.1.7, 10.0.11 and 9.5.16.

Email verification is not required after email change | Grafana Labs

Grafana is an open-source platform for monitoring and observability. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verify_email_enabled” will only validate email only on sign up. This issue has been...

grafana.com

These are still missing in Index of /grafana/deb

Kaspar@Plesk · May 22, 2024

The issue decribed in CVE-2023-6152 does not impact the Grafana Plesk extension. Basic authentication is enabled in the settings, but not used because of the integration with Plesk where the session mechanism is used for authentication instead.

Question Grafana update for cve-2023-6152 still missing in https://autoinstall.plesk.com/grafana/deb

theunknownstuntman

Basic Pleskian

Email verification is not required after email change | Grafana Labs

Kaspar@Plesk

Community Manager up till 07/2024

Similar threads