https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28148 states that
this only happens to the Enterprise edition of Grafana, while the default
version deployed by Cephadm is the community one.

Kind Regards,
Ernesto


On Tue, Jan 4, 2022 at 4:14 AM Jeremy Hansen <[email protected]> wrote:

> I’m running 16.2.7 Pacific with Cephadm. Is there a way to upgrade an
> individual component without breaking orchestration? I’m just trying to
> clean up security issues and my scanner found problems with the version of
> Grafana Ceph deploys:
>
> CVE
> CVE-2021-28148 (https://gsa.la1.clx.corp/cve/CVE-2021-28148)
>
> CERT
>
> DFN-CERT-2021-1741 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1741)
> DFN-CERT-2021-1739 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1739)
> CB-K21/0293 (https://gsa.la1.clx.corp/certbund/CB-K21%2F0293)
>
> Summary
> Grafana is prone to a denial of service (DoS) vulnerability.
>
> Detection Result
> Installed version: 6.7.4
> Fixed version: 6.7.6
> Installation path / port: /
>
> Thanks
> -jeremy
>
> _______________________________________________
> ceph-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>