[SUSE-SU-2022:3676-1] Security update for grafana
Severity: Important
CVEs: 14
This update for grafana fixes the following issues:
Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):
- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
- CVE-2021-41244: Fixed incorrect access control vulnerability (bsc#1192763).
- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).
- ID: SUSE-SU-2022:3676-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2022/suse-su-20223676-1/
- Published: 2022-10-20T11:40:04
- Modified: 2022-10-20T11:40:04
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories