Nixpkgs Security Tracker

Untriaged

Permalink CVE-2022-39306

created 1 week, 6 days ago

Grafana contains Improper Input Validation

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.

Affected products

grafana

==>= 9.v9.0.0-beta1, < 9.2.4
==< 8.5.15

Matching in nixpkgs

pkgs.grafana

Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB

nixos-unstable 12.3.0
- nixpkgs-unstable 12.3.0
- nixos-unstable-small 12.3.0
nixos-25.05 12.0.7
- nixos-25.05-small 12.0.7
- nixpkgs-25.05-darwin 12.0.7

pkgs.grafanactl

Tool designed to simplify interaction with Grafana instances

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7

pkgs.mcp-grafana

MCP server for Grafana

nixos-unstable 0.7.9
- nixpkgs-unstable 0.7.9
- nixos-unstable-small 0.7.9

pkgs.grafana-loki

Like Prometheus, but for logs

nixos-unstable 3.5.8
- nixpkgs-unstable 3.5.8
- nixos-unstable-small 3.5.8
nixos-25.05 3.4.5
- nixos-25.05-small 3.4.5
- nixpkgs-25.05-darwin 3.4.5

pkgs.grafana-alloy

Open source OpenTelemetry Collector distribution with built-in Prometheus pipelines and support for metrics, logs, traces, and profiles

nixos-unstable 1.11.3
- nixpkgs-unstable 1.11.3
- nixos-unstable-small 1.11.3
nixos-25.05 1.8.3
- nixos-25.05-small 1.8.3
- nixpkgs-25.05-darwin 1.8.3

pkgs.grafana-kiosk

Kiosk Utility for Grafana

nixos-unstable 1.0.10
- nixpkgs-unstable 1.0.10
- nixos-unstable-small 1.0.10
nixos-25.05 1.0.9
- nixos-25.05-small 1.0.9
- nixpkgs-25.05-darwin 1.0.9

pkgs.grafana-to-ntfy

Grafana-to-ntfy (ntfy.sh) alerts channel

nixos-unstable 0-unstable-2025-01-25
- nixpkgs-unstable 0-unstable-2025-01-25
- nixos-unstable-small 0-unstable-2025-01-25
nixos-25.05 0-unstable-2025-01-25
- nixos-25.05-small 0-unstable-2025-01-25
- nixpkgs-25.05-darwin 0-unstable-2025-01-25

pkgs.grafana-dash-n-grab

Grafana Dash-n-Grab (gdg) -- backup and restore Grafana dashboards, datasources, and other entities

nixos-unstable 0.8.1
- nixpkgs-unstable 0.8.1
- nixos-unstable-small 0.8.1
nixos-25.05 0.7.2
- nixos-25.05-small 0.7.2
- nixpkgs-25.05-darwin 0.7.2

pkgs.grafana-image-renderer

Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)

nixos-unstable 5.0.10
- nixpkgs-unstable 5.0.10
- nixos-unstable-small 5.0.10

pkgs.dhallPackages.dhall-grafana

None

nixos-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-unstable 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-unstable-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
nixos-25.05 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixos-25.05-small 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932
- nixpkgs-25.05-darwin 49a3ee4801cf64f479e3f0bad839a5dd8e5b4932

pkgs.terraform-providers.grafana

None

nixos-25.05 3.22.3
- nixos-25.05-small 3.22.3
- nixpkgs-25.05-darwin 3.22.3

pkgs.python312Packages.grafanalib

Library for building Grafana dashboards

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.05 0.7.1
- nixos-25.05-small 0.7.1
- nixpkgs-25.05-darwin 0.7.1

pkgs.python313Packages.grafanalib

Library for building Grafana dashboards

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.05 0.7.1
- nixos-25.05-small 0.7.1
- nixpkgs-25.05-darwin 0.7.1

pkgs.haskellPackages.amazonka-grafana

Amazon Managed Grafana SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.05 2.0
- nixos-25.05-small 2.0
- nixpkgs-25.05-darwin 2.0

pkgs.grafanaPlugins.grafana-oncall-app

Developer-friendly incident response for Grafana

nixos-unstable 1.16.6
- nixpkgs-unstable 1.16.6
- nixos-unstable-small 1.16.6

pkgs.grafanaPlugins.grafana-clock-panel

Clock panel for Grafana

nixos-unstable 2.1.9
- nixpkgs-unstable 2.1.9
- nixos-unstable-small 2.1.9

pkgs.terraform-providers.grafana_grafana

None

nixos-unstable 4.17.0
- nixpkgs-unstable 4.17.0
- nixos-unstable-small 4.17.0

pkgs.grafanaPlugins.grafana-pyroscope-app

Integrate seamlessly with Pyroscope, the open-source continuous profiling platform, providing a smooth, query-less experience for browsing and analyzing profiling data