[SUSE-SU-2023:0362-1] Security update for grafana
Severity
Moderate
Affected Packages
4
CVEs
6
Security update for grafana
This update for grafana fixes the following issues:
- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
- CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)
- CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
- CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)
- CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
- CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
- CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)
Package | Affected Version |
---|---|
pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.4 | < 8.5.15-150200.3.32.1 |
pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.4 | < 8.5.15-150200.3.32.1 |
pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.4 | < 8.5.15-150200.3.32.1 |
pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.4 | < 8.5.15-150200.3.32.1 |
- ID
- SUSE-SU-2023:0362-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20230362-1/
- Published
-
2023-02-10T14:15:47
(19 months ago) - Modified
-
2023-02-10T14:15:47
(19 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALSA-2023:2167
- ALSA-2023:2784
- ALSA-2023:6420
- ELSA-2023-2167
- ELSA-2023-2784
- ELSA-2023-6420
- FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD
- FREEBSD:4E60D660-6298-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6877E164-6296-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6F6C9420-6297-11ED-9CA2-6C3BE5272ACD
- FREEBSD:909A80BA-6294-11ED-9CA2-6C3BE5272ACD
- GO-2024-2843
- GO-2024-2844
- GO-2024-2848
- GO-2024-2851
- GO-2024-2855
- GO-2024-2858
- RHSA-2023:2167
- RHSA-2023:2784
- RHSA-2023:6420
- SUSE-SU-2023:0352-1
- SUSE-SU-2023:0353-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/grafana?arch=x86_64&distro=opensuse-leap-15.4 | suse | grafana | < 8.5.15-150200.3.32.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/grafana?arch=s390x&distro=opensuse-leap-15.4 | suse | grafana | < 8.5.15-150200.3.32.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/grafana?arch=ppc64le&distro=opensuse-leap-15.4 | suse | grafana | < 8.5.15-150200.3.32.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/grafana?arch=aarch64&distro=opensuse-leap-15.4 | suse | grafana | < 8.5.15-150200.3.32.1 | opensuse-leap-15.4 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |