[SUSE-SU-2022:3676-1] Security update for grafana

Severity: Important
CVEs: 14

Security update for grafana

This update for grafana fixes the following issues:

Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):

  • CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
  • CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
  • CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
  • CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
  • CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
  • CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
  • CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
  • CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
  • CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
  • CVE-2021-41244: Fixed incorrect access control vulnerability (bsc#1192763).
  • CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
  • CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
  • CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
  • CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).
References

  • SUSE ratings: https://www.suse.com/support/security/rating/
  • CSAF notice for SUSE-SU-2022:3676-1: https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3676-1.json
  • Advisory page for SUSE-SU-2022:3676-1: https://www.suse.com/support/update/announcement/2022/suse-su-20223676-1/
  • Mailing-list announcement for SUSE-SU-2022:3676-1: https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html
  • SUSE Bug 1188571: https://bugzilla.suse.com/1188571
  • SUSE Bug 1189520: https://bugzilla.suse.com/1189520
  • SUSE Bug 1192383: https://bugzilla.suse.com/1192383
  • SUSE Bug 1192763: https://bugzilla.suse.com/1192763
  • SUSE Bug 1193492: https://bugzilla.suse.com/1193492
  • SUSE Bug 1193686: https://bugzilla.suse.com/1193686
  • SUSE Bug 1194873: https://bugzilla.suse.com/1194873
  • SUSE Bug 1195726: https://bugzilla.suse.com/1195726
  • SUSE Bug 1195727: https://bugzilla.suse.com/1195727
  • SUSE Bug 1195728: https://bugzilla.suse.com/1195728
  • SUSE Bug 1201535: https://bugzilla.suse.com/1201535
  • SUSE Bug 1201539: https://bugzilla.suse.com/1201539
  • SUSE Bug 1203596: https://bugzilla.suse.com/1203596
  • SUSE Bug 1203597: https://bugzilla.suse.com/1203597
  • SUSE CVE page for CVE-2021-36222: https://www.suse.com/security/cve/CVE-2021-36222/
  • SUSE CVE page for CVE-2021-3711: https://www.suse.com/security/cve/CVE-2021-3711/
  • SUSE CVE page for CVE-2021-41174: https://www.suse.com/security/cve/CVE-2021-41174/
  • SUSE CVE page for CVE-2021-41244: https://www.suse.com/security/cve/CVE-2021-41244/
  • SUSE CVE page for CVE-2021-43798: https://www.suse.com/security/cve/CVE-2021-43798/
  • SUSE CVE page for CVE-2021-43815: https://www.suse.com/security/cve/CVE-2021-43815/
  • SUSE CVE page for CVE-2022-21673: https://www.suse.com/security/cve/CVE-2022-21673/
  • SUSE CVE page for CVE-2022-21702: https://www.suse.com/security/cve/CVE-2022-21702/
  • SUSE CVE page for CVE-2022-21703: https://www.suse.com/security/cve/CVE-2022-21703/
  • SUSE CVE page for CVE-2022-21713: https://www.suse.com/security/cve/CVE-2022-21713/
  • SUSE CVE page for CVE-2022-31097: https://www.suse.com/security/cve/CVE-2022-31097/
  • SUSE CVE page for CVE-2022-31107: https://www.suse.com/security/cve/CVE-2022-31107/
  • SUSE CVE page for CVE-2022-35957: https://www.suse.com/security/cve/CVE-2022-35957/
  • SUSE CVE page for CVE-2022-36062: https://www.suse.com/security/cve/CVE-2022-36062/