CGA-75r3-2hvh-c2r7

Published

Last updated

https://images.chainguard.dev/security/CGA-75r3-2hvh-c2r7

Package

grafana-7

Repository

Chainguard

Latest Update

Not affected

Aliases

Severity

6.1

Medium

CVSS CVSS_V3

References

Updates

Status

Not affected

Justification

Component not present

Impact

Prometheus ships a Go (Golang) library with a versioning scheme that follows the 0.x format. However, the Prometheus application itself uses a versioning scheme based on 1.x, 2.x, etc. The vulnerability identified in CVE-2019-3826 is specifically associated with the Prometheus application, not the Golang library.

Status

Not affected

Justification

Vulnerable code not present

Impact

This impacts the Prometheus UI, and according to https://github.com/grafana/grafana/issues/34633#issuecomment-848552586 Grafana does not include that

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal