https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28148 states that this only happens to the Enterprise edition of Grafana, while the default version deployed by Cephadm is the community one. Kind Regards, Ernesto On Tue, Jan 4, 2022 at 4:14 AM Jeremy Hansen <jeremy@xxxxxxxxxx> wrote: > I’m running 16.2.7 Pacific with Cephadm. Is there a way to upgrade an > individual component without breaking orchestration? I’m just trying to > clean up security issues and my scanner found problems with the version of > Grafana Ceph deploys: > > CVE > CVE-2021-28148 (https://gsa.la1.clx.corp/cve/CVE-2021-28148) > > CERT > > DFN-CERT-2021-1741 ( > https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1741)DFN-CERT-2021-1739 ( > https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1739)CB-K21/0293 ( > https://gsa.la1.clx.corp/certbund/CB-K21%2F0293) > > Summary > Grafana is prone to a denial of service (DoS) vulnerability. > > Detection Result > Installed version: 6.7.4 Fixed version: 6.7.6 Installation path / port: / > > Thanks > -jeremy > > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |