Re: Grafana vulnerability - cephadm deployment


 



I was able to upgrade to v9.4.12, so thanks for that btw. However, it seems that v9.4.12 is still at risk per the vulnerability scans.

CVE-2023-3128 (https://nvd.nist.gov/vuln/detail/CVE-2023-3128)
CVE-2024-1442 (https://nvd.nist.gov/vuln/detail/CVE-2024-1442)
Affects: Grafana 6.7.x < 8.5.27, 9.x < 9.2.20, 9.3.x < 9.3.16, 9.4.x < 9.4.13, 9.5.x < 9.5.5, 10.x < 10.0.1 Authentication Bypass Vulnerability

When I looked at the Ceph-Grafana Quay.io site "https://quay.io/repository/ceph/ceph-grafana?tab=tags", it seems the last build was over a year ago. Is anyone actually working on this? Even the Quay Security Scanner has detected 586 vulnerabilities; patches are available for 283 vulnerabilities.

I was looking for a place to raise an issue on it, but the quay.io site doesn't show a link any place.

-- Michael
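
The version check behind the scanner finding above, as an added example that is not part of the original message or of the Ceph project's code. It assumes each "A.x < B" entry on the "Affects:" line means the half-open range [A.0, B), and it inspects only the image tag, not the Grafana binary inside the image; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare a Grafana image tag with the "Affects:" ranges quoted
# in the message. Assumption: "A.x < B" is read as the half-open range [A.0, B).
AFFECTED_RANGES="6.7.0:8.5.27 9.0.0:9.2.20 9.3.0:9.3.16 9.4.0:9.4.13 9.5.0:9.5.5 10.0.0:10.0.1"

# ver_key X[.Y[.Z]] -> one integer that orders versions numerically.
ver_key() {
    local old_ifs
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; missing parts default to 0 below
    IFS=$old_ifs
    echo $(( ${1:-0} * 100000000 + ${2:-0} * 10000 + ${3:-0} ))
}

# image_tag REF -> prints the tag; fails if REF carries no tag.
image_tag() {
    local ref last
    ref=${1%%@*}              # drop an @sha256:... digest if present
    last=${ref##*/}           # a ':' before the last '/' is a registry port
    case $last in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   return 1 ;;
    esac
}

# is_affected VERSION -> 0 inside a listed range, 1 outside all, 2 unparseable.
is_affected() {
    local k r
    case $1 in *[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^(0|[1-9][0-9]{0,3})(\.(0|[1-9][0-9]{0,3})){0,2}$' || return 2
    k=$(ver_key "$1")
    for r in $AFFECTED_RANGES; do
        if [ "$k" -ge "$(ver_key "${r%%:*}")" ] &&
           [ "$k" -lt "$(ver_key "${r##*:}")" ]; then
            return 0
        fi
    done
    return 1
}

# check_image REF -> prints a verdict and returns is_affected's status.
check_image() {
    local tag rc
    tag=$(image_tag "$1") || { echo "UNKNOWN $1 (no tag)"; return 2; }
    rc=0
    is_affected "$tag" || rc=$?
    case $rc in
        0) echo "AFFECTED $1" ;;
        1) echo "OUTSIDE-LISTED-RANGES $1" ;;
        *) echo "UNKNOWN $1 (tag '$tag' is not a numeric version)" ;;
    esac
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_image "$1"; fi
```

Run it with the image reference as the only argument, for example the value stored in mgr/cephadm/container_image_grafana.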


________________________________
From: Wyll Ingersoll
Sent: Thursday, April 17, 2025 9:40 AM
To: Sake Ceph; ceph-users@xxxxxxx
Subject:  Re: Grafana vulnerability - cephadm deployment



ceph-grafana should be upgraded to 10.4 or later because it is not compatible with the latest prometheus alertmanager (0.27 or later) which only supports the alertmanager V2 API.

Is there an issue to track this?



________________________________
From: Sake Ceph <ceph@xxxxxxxxxxx>
Sent: Thursday, April 17, 2025 9:35 AM
To: ceph-users@xxxxxxx <ceph-users@xxxxxxx>
Subject:  Re: Grafana vulnerability - cephadm deployment

But Grafana 9.4 has been EOL for a long time. Shouldn't it be time to upgrade the image?

Kind regards,
Sake
> On 17-04-2025 09:14 CEST, Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> Hi,
>
> On 4/16/25 at 21:11, Anthony D'Atri wrote:
> > This is covered in the docs:
> >
> > https://docs.ceph.com/en/reef/cephadm/services/monitoring/#using-custom-images
>
> There is a newer Grafana container available at quay.io/ceph/ceph-grafana:9.4.12
>
> You can use it with
>
> # ceph config set mgr mgr/cephadm/container_image_grafana quay.io/ceph/ceph-grafana:9.4.12
> # ceph orch redeploy grafana
>
> Regards
> --
> Robert Sander
> Linux Consultant
>
> Heinlein Consulting GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> https://www.heinlein-support.de/
>
> Tel: +49 30 405051 - 0
> Fax: +49 30 405051 - 19
>
> Amtsgericht Berlin-Charlottenburg - HRB 220009 B
> Managing Director: Peer Heinlein - Registered office: Berlin
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx