[SUSE-SU-2022:3765-1] Security update for grafana
Severity
Important
Affected Packages
8
CVEs
5
Security update for grafana
This update for grafana fixes the following issues:
Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).
Package | Affected Version |
---|---|
pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.4 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.3 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.4 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.3 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.4 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.3 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.4 | < 8.3.10-150200.3.26.1 |
pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.3 | < 8.3.10-150200.3.26.1 |
- ID
- SUSE-SU-2022:3765-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223765-1/
- Published
-
2022-10-26T09:17:37
(23 months ago) - Modified
-
2022-10-26T09:17:37
(23 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2022-21702
- ALPINE:CVE-2022-21703
- ALPINE:CVE-2022-21713
- ALPINE:CVE-2022-31097
- ALPINE:CVE-2022-31107
- ALSA-2022:5716
- ALSA-2022:5717
- ALSA-2022:7519
- ALSA-2022:8057
- ELSA-2022-5716
- ELSA-2022-5717
- ELSA-2022-7519
- ELSA-2022-8057
- FEDORA-2022-83405f9d5b
- FEDORA-2022-9dd03cab55
- FEDORA-2022-c5383675d9
- FREEBSD:0859E6D5-0415-11ED-A53B-6C3BE5272ACD
- FREEBSD:0C367E98-0415-11ED-A53B-6C3BE5272ACD
- FREEBSD:CECBC674-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D4284C2E-8B83-11EC-B369-6C3BE5272ACD
- FREEBSD:D71D154A-8B83-11EC-B369-6C3BE5272ACD
- GO-2024-2852
- GO-2024-2857
- RHSA-2022:5716
- RHSA-2022:5717
- RHSA-2022:7519
- RHSA-2022:8057
- RLSA-2022:5717
- RLSA-2022:7519
- RLSA-2022:8057
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:3676-1
- SUSE-SU-2022:3747-1
- SUSE-SU-2022:3751-1
- SUSE-SU-2022:4428-1
- SUSE-SU-2022:4437-1
- SUSE-SU-2022:4439-1
- SUSE-SU-2023:2575-1
- SUSE-SU-2023:2578-1
- SUSE-SU-2023:2579-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.4 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.3 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.4 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.3 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.3 | s390x | |
Affected | pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.4 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.3 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.3 | ppc64le | |
Affected | pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.4 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.3 | suse | grafana | < 8.3.10-150200.3.26.1 | opensuse-leap-15.3 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |