Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3711 (GCVE-0-2021-3711)
Vulnerability from cvelistv5 – Published: 2021-08-24 14:50 – Updated: 2024-09-16 18:29
VLAI
EPSS
Title
SM2 Decryption Buffer Overflow
Summary
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
Severity
No CVSS data available.
CWE
- Buffer overflow
Assigner
References
17 references
Impacted products
Date Public
2021-08-24 00:00
Credits
John Ouyang
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20210824.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
},
{
"name": "DSA-4963",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4963"
},
{
"name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
},
{
"name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John Ouyang"
}
],
"datePublic": "2021-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:59.573Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20210824.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
},
{
"name": "DSA-4963",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4963"
},
{
"name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
},
{
"name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-16"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
},
{
"url": "https://www.tenable.com/security/tns-2022-02"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "SM2 Decryption Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2021-3711",
"datePublished": "2021-08-24T14:50:13.114Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:03.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-3711",
"date": "2026-06-21",
"epss": "0.87816",
"percentile": "0.99741"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1.1\", \"versionEndExcluding\": \"1.1.1l\", \"matchCriteriaId\": \"A9592A08-7FF0-490F-B684-6EA8E49F36C7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FE996B1-6951-4F85-AA58-B99A379D2163\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62347994-1353-497C-9C4A-D5D8D95F67E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndIncluding\": \"11.50.2\", \"matchCriteriaId\": \"433D435D-13D0-4EAA-ACD9-DD88DA712D00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3C19813-E823-456A-B1CE-EC0684CE1953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D39DCAE7-494F-40B2-867F-6C6A077939DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"361B791A-D336-4431-8F68-8135BEFFAEA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D82795C-F1ED-4D2C-B578-75B9EECBB99C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6EAA723-2A23-4151-930B-86ACF9CC1C0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB468FEE-A0F4-49A0-BBEE-10D0733C87D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC5C177E-0C77-48C9-847A-A9E5AA7DBC1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DCDD73B-57B1-4580-B922-5662E3AC13B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7015A8CB-8FA6-423E-8307-BD903244F517\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9A4E206-56C7-4578-AC9C-088B0C8D9CFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1.2.4.47\", \"matchCriteriaId\": \"C78A7E07-AB08-46C5-942D-B40BBE0C0D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.1\", \"versionEndExcluding\": \"21.3\", \"matchCriteriaId\": \"F2A9C248-94B0-4F7B-AD9C-4BE55AA1E3F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F12453B-0E7B-46B9-ADEC-0AC5EDC41058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D105A5B-0AA8-4782-B804-CB1384F85884\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.6.3\", \"matchCriteriaId\": \"BE34D4F7-5C18-4578-8D0A-722FDF931333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B1CAD50-749F-4ADB-A046-BF3585677A58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0.27\", \"matchCriteriaId\": \"AE23C7E1-F849-411D-850F-A504D4BA3414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0.25\", \"matchCriteriaId\": \"88627B99-16DC-4878-A63A-A40F6FC1F477\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.7.0\", \"versionEndIncluding\": \"5.7.35\", \"matchCriteriaId\": \"E667933A-37EA-4BC2-9180-C3B4B7038866\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.26\", \"matchCriteriaId\": \"709E83B4-8C66-4255-870B-2F72B37BA8C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.13.1\", \"matchCriteriaId\": \"5FD1ED11-84AA-47E6-AD00-E08D035AF53B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16.0\", \"versionEndIncluding\": \"5.19.1\", \"matchCriteriaId\": \"8D977244-DC29-4301-8D89-0BD01BC328B8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \\\"out\\\" parameter can be NULL and, on exit, the \\\"outlen\\\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \\\"out\\\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\"}, {\"lang\": \"es\", \"value\": \"Para descifrar los datos cifrados de SM2 se espera que una aplicaci\\u00f3n llame a la funci\\u00f3n de la API EVP_PKEY_decrypt(). Normalmente, una aplicaci\\u00f3n llamar\\u00e1 a esta funci\\u00f3n dos veces. La primera vez, al entrar, el par\\u00e1metro \\\"out\\\" puede ser NULL y, al salir, el par\\u00e1metro \\\"outlen\\\" se rellena con el tama\\u00f1o del b\\u00fafer necesario para contener el texto plano descifrado. La aplicaci\\u00f3n puede entonces asignar un b\\u00fafer de tama\\u00f1o suficiente y llamar de nuevo a EVP_PKEY_decrypt(), pero esta vez pasando un valor no NULL para el par\\u00e1metro \\\"out\\\". Un bug en la implementaci\\u00f3n del c\\u00f3digo de descifrado SM2 significa que el c\\u00e1lculo del tama\\u00f1o del b\\u00fafer necesario para mantener el texto plano devuelto por la primera llamada a EVP_PKEY_decrypt() puede ser menor que el tama\\u00f1o real requerido por la segunda llamada. Esto puede conllevar a un desbordamiento del b\\u00fafer cuando la aplicaci\\u00f3n llama a EVP_PKEY_decrypt() por segunda vez con un b\\u00fafer demasiado peque\\u00f1o. Un atacante malicioso que sea capaz de presentar el contenido de SM2 para su descifrado a una aplicaci\\u00f3n podr\\u00eda causar que los datos elegidos por el atacante desborden el b\\u00fafer hasta un m\\u00e1ximo de 62 bytes alterando el contenido de otros datos mantenidos despu\\u00e9s del b\\u00fafer, posiblemente cambiando el comportamiento de la aplicaci\\u00f3n o causando el bloqueo de la misma. La ubicaci\\u00f3n del b\\u00fafer depende de la aplicaci\\u00f3n, pero normalmente se asigna a la pila. Corregido en OpenSSL versi\\u00f3n 1.1.1l (Afectada 1.1.1-1.1.1k).\"}]",
"id": "CVE-2021-3711",
"lastModified": "2024-11-21T06:22:12.960",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-08-24T15:15:09.133",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2021/08/26/2\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-02\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-02\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210827-0010/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211022-0003/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4963\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20210824.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-16\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-02\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/08/26/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210827-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211022-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4963\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20210824.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3711\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2021-08-24T15:15:09.133\",\"lastModified\":\"2026-06-17T04:05:36.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \\\"out\\\" parameter can be NULL and, on exit, the \\\"outlen\\\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \\\"out\\\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\"},{\"lang\":\"es\",\"value\":\"Para descifrar los datos cifrados de SM2 se espera que una aplicaci\u00f3n llame a la funci\u00f3n de la API EVP_PKEY_decrypt(). Normalmente, una aplicaci\u00f3n llamar\u00e1 a esta funci\u00f3n dos veces. La primera vez, al entrar, el par\u00e1metro \\\"out\\\" puede ser NULL y, al salir, el par\u00e1metro \\\"outlen\\\" se rellena con el tama\u00f1o del b\u00fafer necesario para contener el texto plano descifrado. La aplicaci\u00f3n puede entonces asignar un b\u00fafer de tama\u00f1o suficiente y llamar de nuevo a EVP_PKEY_decrypt(), pero esta vez pasando un valor no NULL para el par\u00e1metro \\\"out\\\". Un bug en la implementaci\u00f3n del c\u00f3digo de descifrado SM2 significa que el c\u00e1lculo del tama\u00f1o del b\u00fafer necesario para mantener el texto plano devuelto por la primera llamada a EVP_PKEY_decrypt() puede ser menor que el tama\u00f1o real requerido por la segunda llamada. Esto puede conllevar a un desbordamiento del b\u00fafer cuando la aplicaci\u00f3n llama a EVP_PKEY_decrypt() por segunda vez con un b\u00fafer demasiado peque\u00f1o. Un atacante malicioso que sea capaz de presentar el contenido de SM2 para su descifrado a una aplicaci\u00f3n podr\u00eda causar que los datos elegidos por el atacante desborden el b\u00fafer hasta un m\u00e1ximo de 62 bytes alterando el contenido de otros datos mantenidos despu\u00e9s del b\u00fafer, posiblemente cambiando el comportamiento de la aplicaci\u00f3n o causando el bloqueo de la misma. La ubicaci\u00f3n del b\u00fafer depende de la aplicaci\u00f3n, pero normalmente se asigna a la pila. Corregido en OpenSSL versi\u00f3n 1.1.1l (Afectada 1.1.1-1.1.1k).\"}],\"affected\":[{\"source\":\"openssl-security@openssl.org\",\"affectedData\":[{\"vendor\":\"OpenSSL\",\"product\":\"OpenSSL\",\"versions\":[{\"version\":\"Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.1\",\"versionEndExcluding\":\"1.1.1l\",\"matchCriteriaId\":\"A9592A08-7FF0-490F-B684-6EA8E49F36C7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62347994-1353-497C-9C4A-D5D8D95F67E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.50.2\",\"matchCriteriaId\":\"433D435D-13D0-4EAA-ACD9-DD88DA712D00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D39DCAE7-494F-40B2-867F-6C6A077939DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"361B791A-D336-4431-8F68-8135BEFFAEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D82795C-F1ED-4D2C-B578-75B9EECBB99C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EAA723-2A23-4151-930B-86ACF9CC1C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB468FEE-A0F4-49A0-BBEE-10D0733C87D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5C177E-0C77-48C9-847A-A9E5AA7DBC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DCDD73B-57B1-4580-B922-5662E3AC13B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015A8CB-8FA6-423E-8307-BD903244F517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A4E206-56C7-4578-AC9C-088B0C8D9CFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1.2.4.47\",\"matchCriteriaId\":\"C78A7E07-AB08-46C5-942D-B40BBE0C0D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.1\",\"versionEndExcluding\":\"21.3\",\"matchCriteriaId\":\"F2A9C248-94B0-4F7B-AD9C-4BE55AA1E3F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F12453B-0E7B-46B9-ADEC-0AC5EDC41058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D105A5B-0AA8-4782-B804-CB1384F85884\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.6.3\",\"matchCriteriaId\":\"BE34D4F7-5C18-4578-8D0A-722FDF931333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1CAD50-749F-4ADB-A046-BF3585677A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.27\",\"matchCriteriaId\":\"AE23C7E1-F849-411D-850F-A504D4BA3414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.25\",\"matchCriteriaId\":\"88627B99-16DC-4878-A63A-A40F6FC1F477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.35\",\"matchCriteriaId\":\"E667933A-37EA-4BC2-9180-C3B4B7038866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.26\",\"matchCriteriaId\":\"709E83B4-8C66-4255-870B-2F72B37BA8C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.13.1\",\"matchCriteriaId\":\"5FD1ED11-84AA-47E6-AD00-E08D035AF53B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndIncluding\":\"5.19.1\",\"matchCriteriaId\":\"8D977244-DC29-4301-8D89-0BD01BC328B8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/26/2\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-02\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-02\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210827-0010/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211022-0003/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.debian.org/security/2021/dsa-4963\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20210824.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-16\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-02\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/08/26/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210827-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211022-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2021/dsa-4963\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20210824.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rustsec-2021-0097
Vulnerability from osv_rustsec
Published
2021-08-24 12:00
Modified
2023-06-13 13:10
Summary
SM2 Decryption Buffer Overflow
Details
In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.
Severity
9.8 (Critical)
References
{
"affected": [
{
"database_specific": {
"categories": [
"crypto-failure"
],
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "openssl-src",
"purl": "pkg:cargo/openssl-src"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "111.16.0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2021-3711",
"GHSA-5ww6-px42-wc85"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "In order to decrypt SM2 encrypted data an application is expected to call the\nAPI function `EVP_PKEY_decrypt()`. Typically an application will call this\nfunction twice. The first time, on entry, the \"out\" parameter can be NULL and,\non exit, the \"outlen\" parameter is populated with the buffer size required to\nhold the decrypted plaintext. The application can then allocate a sufficiently\nsized buffer and call `EVP_PKEY_decrypt()` again, but this time passing a non-NULL\nvalue for the \"out\" parameter.\n\nA bug in the implementation of the SM2 decryption code means that the\ncalculation of the buffer size required to hold the plaintext returned by the\nfirst call to `EVP_PKEY_decrypt()` can be smaller than the actual size required by\nthe second call. This can lead to a buffer overflow when `EVP_PKEY_decrypt()` is\ncalled by the application a second time with a buffer that is too small.\n\nA malicious attacker who is able present SM2 content for decryption to an\napplication could cause attacker chosen data to overflow the buffer by up to a\nmaximum of 62 bytes altering the contents of other data held after the\nbuffer, possibly changing application behaviour or causing the application to\ncrash. The location of the buffer is application dependent but is typically\nheap allocated.",
"id": "RUSTSEC-2021-0097",
"modified": "2023-06-13T13:10:24Z",
"published": "2021-08-24T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/openssl-src"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20210824.txt"
}
],
"related": [],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SM2 Decryption Buffer Overflow"
}
SCA-2022-0011
Vulnerability from csaf_sick - Published: 2022-06-08 15:00 - Updated: 2022-06-08 15:00Summary
Vulnerabilities in SICK Package Analytics
Notes
SICK received a report about multiple vulnerabilities in the SICK Package Analytics. The vulnerabilities result from the used MySQL database with version 5.7.25. The vulnerable MySQL version include Buffer-Overflow, Improper Access Control, and Improper Certification Validation vulnerabilities.
SICK has released a new version of the SICK Package Analytics and recommends updating to the newest version.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behavior, or causing the application to crash.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Package Analytics <4.4
SICK AG / Package Analytics
|
<4.4 |
Vendor Fix
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
5.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Package Analytics <4.4
SICK AG / Package Analytics
|
<4.4 |
Vendor Fix
|
When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name. If the application runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Package Analytics <4.4
SICK AG / Package Analytics
|
<4.4 |
Vendor Fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK received a report about multiple vulnerabilities in the SICK Package Analytics. The vulnerabilities result from the used MySQL database with version 5.7.25. The vulnerable MySQL version include Buffer-Overflow, Improper Access Control, and Improper Certification Validation vulnerabilities. \n\nSICK has released a new version of the SICK Package Analytics and recommends updating to the newest version."
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "http://ics-cert.us-cert.gov/content/recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0011.json"
}
],
"title": "Vulnerabilities in SICK Package Analytics",
"tracking": {
"current_release_date": "2022-06-08T15:00:00.000Z",
"generator": {
"date": "2023-02-10T09:52:49.725Z",
"engine": {
"name": "Secvisogram",
"version": "2.0.0"
}
},
"id": "SCA-2022-0011",
"initial_release_date": "2022-06-08T15:00:00.000Z",
"revision_history": [
{
"date": "2022-06-08T15:00:00.000Z",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2023-02-10T11:00:00.000Z",
"number": "2",
"summary": "Updated Advisory (only visual changes)"
},
{
"date": "2025-07-30T07:29:45.000Z",
"number": "3",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.4",
"product": {
"name": "SICK Package Analytics \u003c4.4",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"x_generic_uris": [
{
"namespace": "SICK:Website",
"uri": "SICK:Website:https://www.sick.com/de/de/p/p600146"
}
]
}
}
}
],
"category": "product_name",
"name": "Package Analytics"
}
],
"category": "vendor",
"name": "SICK AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3711",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behavior, or causing the application to crash."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-08T15:00:00.000Z",
"details": "The patch and installation procedure for the software update is available from the responsible SICK customer contact person.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-35604",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "description",
"text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-01T15:00:00.000Z",
"details": "The patch and installation procedure for the software update is available from the responsible SICK customer contact person.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-22926",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name. If the application runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake."
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The patch and installation procedure for the software update is available from the responsible SICK customer contact person.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
SSA-028723
Vulnerability from csaf_siemens - Published: 2025-08-12 00:00 - Updated: 2025-08-13 00:00Summary
SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Notes
Summary: Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition.
Siemens has released a new version for BFCClient and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BFCClient
Siemens / BFCClient
|
vers:intdot/<2.17 |
Vendor Fix
|
CWE-125
- Out-of-bounds Read
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BFCClient
Siemens / BFCClient
|
vers:intdot/<2.17 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BFCClient
Siemens / BFCClient
|
vers:intdot/<2.17 |
Vendor Fix
|
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BFCClient
Siemens / BFCClient
|
vers:intdot/<2.17 |
Mitigation
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BFCClient
Siemens / BFCClient
|
vers:intdot/<2.17 |
Vendor Fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition.\n\nSiemens has released a new version for BFCClient and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
},
{
"category": "self",
"summary": "SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-028723.json"
}
],
"title": "SSA-028723: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17",
"tracking": {
"current_release_date": "2025-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-028723",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated acknowledgments for CVE-2023-0286"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17",
"product": {
"name": "BFCClient",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "BFCClient"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3711",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17 or later version. Contact customer support to obtain the update",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-3712",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17 or later version. Contact customer support to obtain the update",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3712"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The BN_mod_sqrt() function in openSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17 or later version. Contact customer support to obtain the update",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable CRL (certification revocation list) checking, if possible",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.17 or later version. Contact customer support to obtain the update",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17 or later version. Contact customer support to obtain the update",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-0464"
}
]
}
SSA-389290
Vulnerability from csaf_siemens - Published: 2022-03-08 00:00 - Updated: 2022-03-08 00:00Summary
SSA-389290: Third-Party Component Vulnerabilities in SINEC INS
Notes
Summary: 71 vulnerabilities in third-party components as Node.js, cURL, SQLite, CivetWeb and DNS(ISC BIND) could allow an attacker to interfere with the affected product in various ways.
Siemens has released an update for SINEC INS and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
References
145 references
{
"document": {
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "71 vulnerabilities in third-party components as Node.js, cURL, SQLite, CivetWeb and DNS(ISC BIND) could allow an attacker to interfere with the affected product in various ways.\n\nSiemens has released an update for SINEC INS and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"category": "self",
"summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-389290.txt"
},
{
"category": "self",
"summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-389290.json"
}
],
"title": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS",
"tracking": {
"current_release_date": "2022-03-08T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-389290",
"initial_release_date": "2022-03-08T00:00:00Z",
"revision_history": [
{
"date": "2022-03-08T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V1.0.1.1",
"product": {
"name": "SINEC INS",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SINEC INS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19242",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles pExpr-\u003ey.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19242 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19242 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19242.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19242"
},
{
"cve": "CVE-2019-19244",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19244 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19244 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19244.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19244"
},
{
"cve": "CVE-2019-19317",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19317 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19317 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19317"
},
{
"cve": "CVE-2019-19603",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19603 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19603 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19603.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19603"
},
{
"cve": "CVE-2019-19645",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19645 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19645 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19645.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2019-19646",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19646 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19646 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19646.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19880",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19880 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19880 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19880.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19880"
},
{
"cve": "CVE-2019-19923",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19923 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19923 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19923.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19923"
},
{
"cve": "CVE-2019-19924",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19924 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19924 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19924.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19924"
},
{
"cve": "CVE-2019-19925",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19925 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19925 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19925.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19925"
},
{
"cve": "CVE-2019-19926",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2019-19926 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2019-19926 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19926.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2019-19926"
},
{
"cve": "CVE-2020-1971",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-1971 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-1971 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-1971.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-1971"
},
{
"cve": "CVE-2020-7774",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"notes": [
{
"category": "summary",
"text": "This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require(\u0027y18n\u0027)(); y18n.setLocale(\u0027PROTO\u0027); y18n.updateLocale({polluted: true}); console.log(polluted); // true",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-7774 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-7774 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-7774.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-7774"
},
{
"cve": "CVE-2020-8169",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The libcurl library versions 7.62.0 to and including 7.70.0 are vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8169 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8169 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8169.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8177 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8177 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8177.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8231 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8231 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8231.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8265",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8265 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8265 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8265.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8265"
},
{
"cve": "CVE-2020-8284",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8284 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8284 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8284.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8285 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8285 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8285.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8286 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8286 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8286.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8287",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8287 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8287 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8287.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8287"
},
{
"cve": "CVE-2020-8625",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND\u0027s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -\u003e 9.11.27, 9.12.0 -\u003e 9.16.11, and versions BIND 9.11.3-S1 -\u003e 9.11.27-S1 and 9.16.8-S1 -\u003e 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -\u003e 9.17.1 of the BIND 9.17 development branch",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-8625 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-8625 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8625.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-8625"
},
{
"cve": "CVE-2020-9327",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-9327 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-9327 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9327.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-9327"
},
{
"cve": "CVE-2020-11655",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-11655 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-11655 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-11655.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2020-11656",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-11656 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-11656 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-11656.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-13630",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-13630 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-13630 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13630.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13631",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-13631 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-13631 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13631.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13632",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-13632 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-13632 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13632.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-13871 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-13871 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13871.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-13871"
},
{
"cve": "CVE-2020-15358",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-15358 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-15358 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15358.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-27304",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2020-27304 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2020-27304 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-27304.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2020-27304"
},
{
"cve": "CVE-2021-3449",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-3449 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-3449 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3449.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3449"
},
{
"cve": "CVE-2021-3450",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-3450 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-3450 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3450.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3450"
},
{
"cve": "CVE-2021-3672",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-3672 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-3672 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3672.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3672"
},
{
"cve": "CVE-2021-3711",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-3711 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-3711 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3711.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-3712",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-3712 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-3712 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3712.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-3712"
},
{
"cve": "CVE-2021-22876",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22876 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22876 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22876.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an \u0027unknownProtocol\u0027 are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22883 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22883.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22883"
},
{
"cve": "CVE-2021-22884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes \u201clocalhost6\u201d. When \u201clocalhost6\u201d is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim\u0027s DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the \u201clocalhost6\u201d domain. As long as the attacker uses the \u201clocalhost6\u201d domain, they can still apply the attack described in CVE-2018-7160.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22884 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22884.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22884"
},
{
"cve": "CVE-2021-22890",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "summary",
"text": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22890 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22890.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22897 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22897 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22897.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22898 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22898 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22898.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22901 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22901 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22901.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22918",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22918 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22918 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22918.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22918"
},
{
"cve": "CVE-2021-22921",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22921 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22921 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22921.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22921"
},
{
"cve": "CVE-2021-22922",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22922 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22922 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22922.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22923 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22923 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22923.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "summary",
"text": "libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths _case insensitively_,which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22924 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22924 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22924.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22925 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22925 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22925.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like /tmp), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22926 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22926 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22926.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22930",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22930 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22930 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22930.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22930"
},
{
"cve": "CVE-2021-22931",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22931 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22931 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22931.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22931"
},
{
"cve": "CVE-2021-22939",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "If the Node.js https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22939 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22939 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22939.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22939"
},
{
"cve": "CVE-2021-22940",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22940 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22940 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22940.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22940"
},
{
"cve": "CVE-2021-22945",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it _again_.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22945 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22945 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22945.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations WITHOUTTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22946 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22946 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22946.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "summary",
"text": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got _before_ the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-22947 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-22947 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22947.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23362",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-23362 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-23362 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-23362.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-23362"
},
{
"cve": "CVE-2021-23840",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-23840 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-23840 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-23840.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-23840"
},
{
"cve": "CVE-2021-25214",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In BIND 9.8.5 -\u003e 9.8.8, 9.9.3 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.9.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-25214 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-25214 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25214.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-25214"
},
{
"cve": "CVE-2021-25215",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In BIND 9.0.0 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.9.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-25215 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-25215 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25215.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-25215"
},
{
"cve": "CVE-2021-25216",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In BIND 9.5.0 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.11.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND\u0027s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-25216 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-25216 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25216.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-25216"
},
{
"cve": "CVE-2021-25219",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In BIND 9.3.0 -\u003e 9.11.35, 9.12.0 -\u003e 9.16.21, and versions 9.9.3-S1 -\u003e 9.11.35-S1 and 9.16.8-S1 -\u003e 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-25219 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-25219 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25219.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-25219"
},
{
"cve": "CVE-2021-27290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-27290 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-27290 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-27290.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-27290"
},
{
"cve": "CVE-2021-32803",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The npm package \"tar\" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-32803 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-32803 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-32803.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-32803"
},
{
"cve": "CVE-2021-32804",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The npm package \"tar\" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example /home/user/.bashrc would turn into home/user/.bashrc. This logic was insufficient when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom onentry method which sanitizes the entry.path or a filter method which removes entries with absolute paths. See referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-32804 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-32804 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-32804.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-32804"
},
{
"cve": "CVE-2021-37701",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The npm package \"tar\" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both \\ and / characters as path separators, however \\ is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at FOO, followed by a symbolic link named foo, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the FOO directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-37701 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-37701 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37701.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37701"
},
{
"cve": "CVE-2021-37712",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 \"short path\" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-37712 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-37712 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37712.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37712"
},
{
"cve": "CVE-2021-37713",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain .. path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as C:some\\path. If the drive letter does not match the extraction target, for example D:\\extraction\\dir, then the result of path.resolve(extractionDirectory, entryPath) would resolve against the current working directory on the C: drive, rather than the extraction target directory. Additionally, a .. portion of the path could occur immediately after the drive letter, such as C:../foo, and was not properly sanitized by the logic that checked for .. within the normalized and split portions of the path. This only affects users of node-tar on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-37713 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-37713 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37713.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-37713"
},
{
"cve": "CVE-2021-39134",
"cwe": {
"id": "CWE-61",
"name": "UNIX Symbolic Link (Symlink) Following"
},
"notes": [
{
"category": "summary",
"text": "@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in package.json manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the node_modules hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as file:/some/path, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package pwn-a could define a dependency in their package.json file such as \"foo\": \"file:/some/path\". Another package, pwn-b could define a dependency such as FOO: \"file:foo.tgz\". On case-insensitive file systems, if pwn-a was installed, and then pwn-b was installed afterwards, the contents of foo.tgz would be written to /some/path, and any existing contents of /some/path would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-39134 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-39134 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39134.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-39134"
},
{
"cve": "CVE-2021-39135",
"cwe": {
"id": "CWE-61",
"name": "UNIX Symbolic Link (Symlink) Following"
},
"notes": [
{
"category": "summary",
"text": "@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project\u0027s node_modules folder. If the node_modules folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a node_modules symbolic link would have to be employed. 1. A preinstall script could replace node_modules with a symlink. (This is prevented by using --ignore-scripts.) 2. An attacker could supply the target with a git repository, instructing them to run npm install --ignore-scripts in the root. This may be successful, because npm install --ignore-scripts is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"references": [
{
"summary": "CVE-2021-39135 - SINEC INS",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
},
{
"summary": "CVE-2021-39135 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39135.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.0.1.1 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-39135"
}
]
}
SUSE-FU-2022:1419-1
Vulnerability from csaf_suse - Published: 2022-04-27 07:20 - Updated: 2022-04-27 07:20Summary
Feature update for grafana
Severity
Moderate
Notes
Title of the patch: Feature update for grafana
Description of the patch: This update for grafana fixes the following issues:
Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)
- Security:
* CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)
* CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)
* CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
* CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
* CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.
* Upgrade Docker base image to Alpine 3.14.3.
* CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions
* Update dependencies to fix CVE-2021-36222.
* Upgrade Go to 1.17.2.
* Fix stylesheet injection vulnerability.
* Fix short URL vulnerability.
- License update:
* AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).
- Breaking changes:
* Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.
* Fix No Data behaviour in Legacy Alerting.
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
* `GET /dashboards/db/:slug`
* `GET /dashboard-solo/db/:slug`
* `GET /api/dashboard/db/:slug`
* `DELETE /api/dashboards/db/:slug`
* The default HTTP method for Prometheus data source is now POST.
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
- Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
- Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group bys.
* Configuration: You can now see your expired API keys if you have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single field.
* Export: Fix error when exporting dashboards using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of `$__rate_interval` variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.
* Variables: Fix so data source variables are added to adhoc configuration.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with multiple fields.
* TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed variables.
* Variables: Fix so queryparam option works for scoped variables.
* Alerting: Clear alerting rule evaluation errors after intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only sets color.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring spanIDs.
* Tracing: Show start time of trace with milliseconds precision.
* Variables: Make renamed or missing variable section expandable.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data source.
* Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.
* Dashboard: Remove the current panel from the list of options in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS field.
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
* Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL queries.
* Dashboards: 'Copy' is no longer added to new dashboard titles.
* DataProxy: Fix overriding response body when response is a WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.
* Explore: Fix running queries without a datasource property set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
* Alerting: Fix panic when Slack's API sends unexpected response.
* Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is parsed to an object.
* Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.
* Prometheus: error when a user created a query with a `$__interval` min step.
* RowsToFields: the system was not properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data min = data max.
* Table panel: You can now create a filter that includes special characters.
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not found.
* Packaging: Remove systemcallfilters sections from systemd unit files.
* Prometheus: Add Headers to HTTP client options.
* CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.
* Alerting: Fixed the silence file content generated during migration.
* Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use resultFormat.
* Loki: Fixed creating context query for logs with parsed labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable
input.
* Variables: Panel no longer crash when using the adhoc variable in data links.
* Admin: Prevent user from deleting user's current/active organization.
* LibraryPanels: Fix library panel getting saved in the dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
* BarChart: Fixes panel error that happens on second refresh.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
* Prometheus: Fix validate selector in metrics browser.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Elasticsearch: Fix metric names for alert queries.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* CloudWatch Logs: Fix crash when no region is selected.
* Annotations: Correct annotations that are displayed upon page refresh.
* Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.
* Annotations: Fix data source template variable that was not available for annotations.
* AzureMonitor: Fix annotations query editor that does not load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list response.
* Loki: Update labels in log browser when time range changes in dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting -> Normal.
* PasswordField: Prevent a password from being displayed when you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Docker: Fix builds by delaying go mod verify until all required files are copied over.
* Exemplars: Fix disable exemplars only on the query that failed.
* SQL: Fix SQL dataframe resampling (fill mode + time intervals).
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
results.
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
created.
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
dashboard.
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
responses.
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
fields.
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
load.
* Variables: Refreshes all panels even if panel is full screen.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
set.
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Variables: Refreshes all panels even if panel is full screen.
* Alerting: Fix NoDataFound for alert rules using AND operator.
- Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource migration.
* BarChart: Use new data error view component to show actions in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic
* Alerting: Prevent folders from being deleted when they contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit panel.
* Visualizations: Limit y label width to 40% of visualization width.
* Alerting: Create DatasourceError alert if evaluation returns error.
* Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data sources and to the changelog.
* Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo and Zipkin.
* Alerting: Add UI for contact point testing with custom annotations and labels.
* Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time fields.
* Variables: Only update panels that are impacted by variable change.
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource filter query.
* Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in
LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.
* Alerting: Allows more characters in label names so notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with special characters.
* AccessControl: Document new permissions restricting data source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using configuration options.
* Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and
disabling them for specific organisations.
* CloudWatch: Introduced new math expression where it is necessary to specify the period field.
* InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them easier to locate.
* Alerting: Support org level isolation of notification configuration.
* AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.
* CloudWatch Logs: Disable query path using websockets (Live) feature.
* CloudWatch/Logs: Don't group dataframes for non time series queries.
* Cloudwatch: Migrate queries that use multiple stats to one query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource responses.
* Explore: Add filter by trace or span ID to trace to logs feature.
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing library elements.
* LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a
library panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Add stricter systemd unit options.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in everywhere.
* TimeRangePicker: Improve accessibility.
* Alerting: Support label matcher syntax in alert rule list filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Alerting: Expand the value string in alert annotations and labels.
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication proxy.
* Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
configuration.
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
Monitor Logs.
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
navigation.
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
metrics.
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
editor.
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
source.
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
queries.
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
- Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.
* Select: Select menus now properly scroll during keyboard navigation.
* grafana/ui: Enable slider marks display.
* Plugins: Create a mock icon component to prevent console errors.
* Grafana UI: Fix TS error property css is missing in type.
* Toolkit: Fix matchMedia not found error.
* Toolkit: Improve error messages when tasks fail.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
* QueryField: Remove carriage return character from pasted text.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).
- Other changes:
* Update to Go 1.17.
* Add build-time dependency on `wire`.
Patchnames: SUSE-2022-1419,openSUSE-SLE-15.3-2022-1419,openSUSE-SLE-15.4-2022-1419
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.3 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.1 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Feature update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\nUpdate from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)\n\n- Security:\n\n * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)\n * CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)\n * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)\n * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)\n * CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.\n * Upgrade Docker base image to Alpine 3.14.3.\n * CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions\n * Update dependencies to fix CVE-2021-36222.\n * Upgrade Go to 1.17.2.\n * Fix stylesheet injection vulnerability.\n * Fix short URL vulnerability.\n\n- License update:\n * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).\n\n- Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.\n * Keep Last State for \u0027If execution error or timeout\u0027 when upgrading to Grafana 8 alerting.\n * Fix No Data behaviour in Legacy Alerting.\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n * `GET /dashboards/db/:slug`\n * `GET /dashboard-solo/db/:slug`\n * `GET /api/dashboard/db/:slug`\n * `DELETE /api/dashboards/db/:slug`\n * The default HTTP method for Prometheus data source is now POST.\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n\n- Deprecations:\n * The InfoBox \u0026 FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n\n- Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group bys.\n * Configuration: You can now see your expired API keys if you have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single field.\n * Export: Fix error when exporting dashboards using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of `$__rate_interval` variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc configuration.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed variables.\n * Variables: Fix so queryparam option works for scoped variables.\n * Alerting: Clear alerting rule evaluation errors after intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only sets color.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring spanIDs.\n * Tracing: Show start time of trace with milliseconds precision.\n * Variables: Make renamed or missing variable section expandable.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data source.\n * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.\n * Dashboard: Remove the current panel from the list of options in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS field.\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.\n * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL queries.\n * Dashboards: \u0027Copy\u0027 is no longer added to new dashboard titles.\n * DataProxy: Fix overriding response body when response is a WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n * Alerting: Fix panic when Slack\u0027s API sends unexpected response.\n * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default \n datasource.\n * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no \n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is parsed to an object.\n * Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.\n * Prometheus: error when a user created a query with a `$__interval` min step.\n * RowsToFields: the system was not properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data min = data max.\n * Table panel: You can now create a filter that includes special characters.\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not found.\n * Packaging: Remove systemcallfilters sections from systemd unit files.\n * Prometheus: Add Headers to HTTP client options.\n * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.\n * Alerting: Fixed the silence file content generated during migration.\n * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use resultFormat.\n * Loki: Fixed creating context query for logs with parsed labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable \n input.\n * Variables: Panel no longer crash when using the adhoc variable in data links.\n * Admin: Prevent user from deleting user\u0027s current/active organization.\n * LibraryPanels: Fix library panel getting saved in the dashboard\u0027s folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in \u0027Add threshold\u0027.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n * BarChart: Fixes panel error that happens on second refresh.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses \u0027Repeat For\u0027.\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n \u0027results\u0027 to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Elasticsearch: Fix metric names for alert queries.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix \u0027Actual\u0027 size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * CloudWatch Logs: Fix crash when no region is selected.\n * Annotations: Correct annotations that are displayed upon page refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.\n * Annotations: Fix data source template variable that was not available for annotations.\n * AzureMonitor: Fix annotations query editor that does not load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list response.\n * Loki: Update labels in log browser when time range changes in dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -\u003e Normal.\n * PasswordField: Prevent a password from being displayed when you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Docker: Fix builds by delaying go mod verify until all required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time intervals).\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode \u0027All\u0027 for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to \u0027Time\u0027 for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n results.\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add \u0027prepare time series\u0027 transformer.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n created.\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n dashboard.\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n * Alerting/SSE: Fix \u0027count_non_null\u0027 reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n responses.\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n fields.\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes \u0027error while loading library panels\u0027.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n load.\n * Variables: Refreshes all panels even if panel is full screen.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won\u0027t link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property \u0027length\u0027 of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n set.\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates \u0026 errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don\u0027t return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Variables: Refreshes all panels even if panel is full screen.\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\n- Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource migration.\n * BarChart: Use new data error view component to show actions in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic\n * Alerting: Prevent folders from being deleted when they contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels\u0027 shared tooltip in edit panel.\n * Visualizations: Limit y label width to 40% of visualization width.\n * Alerting: Create DatasourceError alert if evaluation returns error.\n * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo and Zipkin.\n * Alerting: Add UI for contact point testing with custom annotations and labels.\n * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don\u0027t apply field config defaults to time fields.\n * Variables: Only update panels that are impacted by variable change.\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource filter query.\n * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in \n LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.\n * Alerting: Allows more characters in label names so notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with special characters.\n * AccessControl: Document new permissions restricting data source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and \n disabling them for specific organisations.\n * CloudWatch: Introduced new math expression where it is necessary to specify the period field.\n * InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them easier to locate.\n * Alerting: Support org level isolation of notification configuration.\n * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.\n * CloudWatch Logs: Disable query path using websockets (Live) feature.\n * CloudWatch/Logs: Don\u0027t group dataframes for non time series queries.\n * Cloudwatch: Migrate queries that use multiple stats to one query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource responses.\n * Explore: Add filter by trace or span ID to trace to logs feature.\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard\u0027s QueryRows component.\n * Explore: Support custom display label for derived fields buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing library elements.\n * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a \n library panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Add stricter systemd unit options.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in everywhere.\n * TimeRangePicker: Improve accessibility.\n * Alerting: Support label matcher syntax in alert rule list filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Alerting: Expand the value string in alert annotations and labels.\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication proxy.\n * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n configuration.\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any \u0027evaluate for\u0027 value \u003e=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for \u0027label_values(log stream selector,\n label)\u0027 in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don\u0027t mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it\u0027s hidden in\n the viz.\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n Monitor Logs.\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n navigation.\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n metrics.\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint \u0026 unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n editor.\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity \u0026 line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox \u0026 FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n source.\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n queries.\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n\n- Plugin development fixes \u0026 changes:\n * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.\n * Select: Select menus now properly scroll during keyboard navigation.\n * grafana/ui: Enable slider marks display.\n * Plugins: Create a mock icon component to prevent console errors.\n * Grafana UI: Fix TS error property css is missing in type.\n * Toolkit: Fix matchMedia not found error.\n * Toolkit: Improve error messages when tasks fail.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n * QueryField: Remove carriage return character from pasted text.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).\n\n- Other changes:\n\n * Update to Go 1.17.\n * Add build-time dependency on `wire`.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1419,openSUSE-SLE-15.3-2022-1419,openSUSE-SLE-15.4-2022-1419",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2022_1419-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-FU-2022:1419-1",
"url": "https://www.suse.com/support/update/announcement//suse-fu-20221419-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-FU-2022:1419-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2022-April/022823.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194873",
"url": "https://bugzilla.suse.com/1194873"
},
{
"category": "self",
"summary": "SUSE Bug 1195726",
"url": "https://bugzilla.suse.com/1195726"
},
{
"category": "self",
"summary": "SUSE Bug 1195727",
"url": "https://bugzilla.suse.com/1195727"
},
{
"category": "self",
"summary": "SUSE Bug 1195728",
"url": "https://bugzilla.suse.com/1195728"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36222 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41174 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41244 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43815 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21713/"
}
],
"title": "Feature update for grafana",
"tracking": {
"current_release_date": "2022-04-27T07:20:15Z",
"generator": {
"date": "2022-04-27T07:20:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-FU-2022:1419-1",
"initial_release_date": "2022-04-27T07:20:15Z",
"revision_history": [
{
"date": "2022-04-27T07:20:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150200.3.21.1.aarch64",
"product": {
"name": "grafana-8.3.5-150200.3.21.1.aarch64",
"product_id": "grafana-8.3.5-150200.3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150200.3.21.1.i586",
"product": {
"name": "grafana-8.3.5-150200.3.21.1.i586",
"product_id": "grafana-8.3.5-150200.3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150200.3.21.1.ppc64le",
"product": {
"name": "grafana-8.3.5-150200.3.21.1.ppc64le",
"product_id": "grafana-8.3.5-150200.3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150200.3.21.1.s390x",
"product": {
"name": "grafana-8.3.5-150200.3.21.1.s390x",
"product_id": "grafana-8.3.5-150200.3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150200.3.21.1.x86_64",
"product": {
"name": "grafana-8.3.5-150200.3.21.1.x86_64",
"product_id": "grafana-8.3.5-150200.3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150200.3.21.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
},
"product_reference": "grafana-8.3.5-150200.3.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36222"
}
],
"notes": [
{
"category": "general",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36222",
"url": "https://www.suse.com/security/cve/CVE-2021-36222"
},
{
"category": "external",
"summary": "SUSE Bug 1188571 for CVE-2021-36222",
"url": "https://bugzilla.suse.com/1188571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "important"
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2021-41174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41174"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u0027alert(1)\u0027)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41174",
"url": "https://www.suse.com/security/cve/CVE-2021-41174"
},
{
"category": "external",
"summary": "SUSE Bug 1192383 for CVE-2021-41174",
"url": "https://bugzilla.suse.com/1192383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2021-41174"
},
{
"cve": "CVE-2021-41244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41244"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u0027 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41244",
"url": "https://www.suse.com/security/cve/CVE-2021-41244"
},
{
"category": "external",
"summary": "SUSE Bug 1192763 for CVE-2021-41244",
"url": "https://bugzilla.suse.com/1192763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "critical"
}
],
"title": "CVE-2021-41244"
},
{
"cve": "CVE-2021-43798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43798"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43798",
"url": "https://www.suse.com/security/cve/CVE-2021-43798"
},
{
"category": "external",
"summary": "SUSE Bug 1193492 for CVE-2021-43798",
"url": "https://bugzilla.suse.com/1193492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "important"
}
],
"title": "CVE-2021-43798"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43815"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43815",
"url": "https://www.suse.com/security/cve/CVE-2021-43815"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43815",
"url": "https://bugzilla.suse.com/1193686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2021-43815"
},
{
"cve": "CVE-2022-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21673"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21673",
"url": "https://www.suse.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1194873 for CVE-2022-21673",
"url": "https://bugzilla.suse.com/1194873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2022-21673"
},
{
"cve": "CVE-2022-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21702"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21702",
"url": "https://www.suse.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1195726 for CVE-2022-21702",
"url": "https://bugzilla.suse.com/1195726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2022-21702"
},
{
"cve": "CVE-2022-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21703"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21703",
"url": "https://www.suse.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1195727 for CVE-2022-21703",
"url": "https://bugzilla.suse.com/1195727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2022-21703"
},
{
"cve": "CVE-2022-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21713"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21713",
"url": "https://www.suse.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1195728 for CVE-2022-21713",
"url": "https://bugzilla.suse.com/1195728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x",
"openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-27T07:20:15Z",
"details": "moderate"
}
],
"title": "CVE-2022-21713"
}
]
}
SUSE-SU-2021:2830-1
Vulnerability from csaf_suse - Published: 2021-08-24 14:20 - Updated: 2021-08-24 14:20Summary
Security update for openssl-1_1
Severity
Important
Notes
Title of the patch: Security update for openssl-1_1
Description of the patch: This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
could lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
Patchnames: SUSE-2021-2830,SUSE-SLE-Module-Basesystem-15-SP2-2021-2830,SUSE-SLE-Module-Basesystem-15-SP3-2021-2830,SUSE-SUSE-MicroOS-5.0-2021-2830
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.3 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following security issues:\n\n- CVE-2021-3711: A bug in the implementation of the SM2 decryption code\n could lead to buffer overflows. [bsc#1189520]\n\n- CVE-2021-3712: a bug in the code for printing certificate details could\n lead to a buffer overrun that a malicious actor could exploit to crash\n the application, causing a denial-of-service attack. [bsc#1189521]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-2830,SUSE-SLE-Module-Basesystem-15-SP2-2021-2830,SUSE-SLE-Module-Basesystem-15-SP3-2021-2830,SUSE-SUSE-MicroOS-5.0-2021-2830",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2830-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:2830-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212830-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:2830-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009341.html"
},
{
"category": "self",
"summary": "SUSE Bug 1189520",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "self",
"summary": "SUSE Bug 1189521",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3712 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3712/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2021-08-24T14:20:41Z",
"generator": {
"date": "2021-08-24T14:20:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:2830-1",
"initial_release_date": "2021-08-24T14:20:41Z",
"revision_history": [
{
"date": "2021-08-24T14:20:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-11.27.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1d-11.27.1.aarch64",
"product_id": "libopenssl1_1-1.1.1d-11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-11.27.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.1d-11.27.1.aarch64",
"product_id": "openssl-1_1-1.1.1d-11.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1d-11.27.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1d-11.27.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-hmac-64bit-1.1.1d-11.27.1.aarch64_ilp32",
"product_id": "libopenssl1_1-hmac-64bit-1.1.1d-11.27.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.i586",
"product_id": "libopenssl-1_1-devel-1.1.1d-11.27.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-11.27.1.i586",
"product": {
"name": "libopenssl1_1-1.1.1d-11.27.1.i586",
"product_id": "libopenssl1_1-1.1.1d-11.27.1.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.i586",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.i586",
"product_id": "libopenssl1_1-hmac-1.1.1d-11.27.1.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-11.27.1.i586",
"product": {
"name": "openssl-1_1-1.1.1d-11.27.1.i586",
"product_id": "openssl-1_1-1.1.1d-11.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1d-11.27.1.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1d-11.27.1.noarch",
"product_id": "openssl-1_1-doc-1.1.1d-11.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1d-11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-11.27.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1d-11.27.1.ppc64le",
"product_id": "openssl-1_1-1.1.1d-11.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-11.27.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1d-11.27.1.s390x",
"product_id": "libopenssl1_1-1.1.1d-11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-11.27.1.s390x",
"product": {
"name": "openssl-1_1-1.1.1d-11.27.1.s390x",
"product_id": "openssl-1_1-1.1.1d-11.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl1_1-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-11.27.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.1d-11.27.1.x86_64",
"product_id": "openssl-1_1-1.1.1d-11.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-11.27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-11.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-24T14:20:41Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-3712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3712"
}
],
"notes": [
{
"category": "general",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3712",
"url": "https://www.suse.com/security/cve/CVE-2021-3712"
},
{
"category": "external",
"summary": "SUSE Bug 1189521 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1191640 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1191640"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1192787 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192787"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1194948"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Micro 5.0:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:openssl-1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl-1_1-devel-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libopenssl1_1-hmac-32bit-1.1.1d-11.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:openssl-1_1-1.1.1d-11.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-24T14:20:41Z",
"details": "moderate"
}
],
"title": "CVE-2021-3712"
}
]
}
SUSE-SU-2021:2833-1
Vulnerability from csaf_suse - Published: 2021-08-24 14:21 - Updated: 2021-08-24 14:21Summary
Security update for openssl-1_1
Severity
Important
Notes
Title of the patch: Security update for openssl-1_1
Description of the patch: This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could
lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
Patchnames: SUSE-2021-2833,SUSE-OpenStack-Cloud-9-2021-2833,SUSE-OpenStack-Cloud-Crowbar-9-2021-2833,SUSE-SLE-SAP-12-SP4-2021-2833,SUSE-SLE-SDK-12-SP5-2021-2833,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2833,SUSE-SLE-SERVER-12-SP5-2021-2833
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.3 (Medium)
Affected products
Recommended
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following security issues:\n\n- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could\n lead to buffer overflows. [bsc#1189520]\n\n- CVE-2021-3712: a bug in the code for printing certificate details could\n lead to a buffer overrun that a malicious actor could exploit to crash\n the application, causing a denial-of-service attack. [bsc#1189521]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-2833,SUSE-OpenStack-Cloud-9-2021-2833,SUSE-OpenStack-Cloud-Crowbar-9-2021-2833,SUSE-SLE-SAP-12-SP4-2021-2833,SUSE-SLE-SDK-12-SP5-2021-2833,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2833,SUSE-SLE-SERVER-12-SP5-2021-2833",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2833-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:2833-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212833-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:2833-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009346.html"
},
{
"category": "self",
"summary": "SUSE Bug 1189520",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "self",
"summary": "SUSE Bug 1189521",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3712 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3712/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2021-08-24T14:21:30Z",
"generator": {
"date": "2021-08-24T14:21:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:2833-1",
"initial_release_date": "2021-08-24T14:21:30Z",
"revision_history": [
{
"date": "2021-08-24T14:21:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.aarch64",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.aarch64",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.aarch64",
"product_id": "openssl-1_1-1.1.1d-2.36.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-64bit-1.1.1d-2.36.2.aarch64_ilp32",
"product": {
"name": "libopenssl-1_1-devel-64bit-1.1.1d-2.36.2.aarch64_ilp32",
"product_id": "libopenssl-1_1-devel-64bit-1.1.1d-2.36.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-64bit-1.1.1d-2.36.2.aarch64_ilp32",
"product": {
"name": "libopenssl1_1-64bit-1.1.1d-2.36.2.aarch64_ilp32",
"product_id": "libopenssl1_1-64bit-1.1.1d-2.36.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.i586",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.i586",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.i586"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.i586",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.i586",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.i586"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.i586",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.i586",
"product_id": "openssl-1_1-1.1.1d-2.36.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1_1-doc-1.1.1d-2.36.2.noarch",
"product": {
"name": "openssl-1_1-doc-1.1.1d-2.36.2.noarch",
"product_id": "openssl-1_1-doc-1.1.1d-2.36.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"product_id": "openssl-1_1-1.1.1d-2.36.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.s390",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.s390",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.s390"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.s390",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.s390",
"product_id": "openssl-1_1-1.1.1d-2.36.2.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.s390x",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.s390x",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"product_id": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.s390x",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.s390x",
"product_id": "openssl-1_1-1.1.1d-2.36.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"product_id": "libopenssl1_1-1.1.1d-2.36.2.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"product": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"product_id": "openssl-1_1-1.1.1d-2.36.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.1d-2.36.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64"
},
"product_reference": "openssl-1_1-1.1.1d-2.36.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-24T14:21:30Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-3712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3712"
}
],
"notes": [
{
"category": "general",
"text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3712",
"url": "https://www.suse.com/security/cve/CVE-2021-3712"
},
{
"category": "external",
"summary": "SUSE Bug 1189521 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1189521"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1191640 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1191640"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1192787 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1192787"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1194948"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3712",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-1.1.1d-2.36.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libopenssl-1_1-devel-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud 9:openssl-1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openssl-1_1-1.1.1d-2.36.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-24T14:21:30Z",
"details": "moderate"
}
],
"title": "CVE-2021-3712"
}
]
}
SUSE-SU-2022:1396-1
Vulnerability from csaf_suse - Published: 2022-04-25 14:43 - Updated: 2022-04-25 14:43Summary
Security update for SUSE Manager Client Tools
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Client Tools
Description of the patch:
This update fixes the following issues:
grafana:
- Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage
for SLE15 (bsc#1197579)
- Version 4.2.7-1
* Fix installation problem for SLE15SP4 due missing python-selinux
mgr-osad:
- Version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
mgr-push:
- Version 4.2.5-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
mgr-virtualization:
- Version 4.2.4-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
prometheus-postgres_exporter:
- Version 0.10.0
* Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400)
* Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051)
rhnlib:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
spacecmd:
- Version 4.2.16-1
* implement system.bootstrap (bsc#1194909)
* Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363)
spacewalk-client-tools:
- Version 4.2.18-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- Version 4.2.17-1
* Update translation strings
spacewalk-koan:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
spacewalk-oscap:
- Version 4.2.4-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
suseRegisterInfo:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
Patchnames: SUSE-2022-1396,SUSE-SLE-Manager-Tools-15-2022-1396,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396,openSUSE-SLE-15.3-2022-1396,openSUSE-SLE-15.4-2022-1396
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.3 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.9 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
9.1 (Critical)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
53 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\ngrafana:\n\n- Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources\n (bsc#1195726, CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability\n (bsc#1195727, CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713)\n- Update to Go 1.17.\n- Add build-time dependency on `wire`.\n- Update license to GNU Affero General Public License v3.0.\n- Update to version 8.3.4\n * GetUserInfo: return an error if no user was found\n (bsc#1194873, CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user\n cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group\n bys.\n * Configuration: You can now see your expired API keys if you\n have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single\n field.\n * Export: Fix error being thrown when exporting dashboards\n using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and\n name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields\n when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes \u0026 changes:\n * Toolkit: Revert build config so tslib is bundled with plugins\n to prevent plugins from crashing.\n- Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions\n in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from\n 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the\n manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in\n InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser\n and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with\n multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed\n variables.\n * Variables: Fix so queryparam option works for scoped\n- Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n- Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n- Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they\n contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels\u0027 shared tooltip in edit\n panel.\n * Visualizations: Limit y label width to 40% of visualization\n width.\n * Alerting: Clear alerting rule evaluation errors after\n intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only\n sets color.\n- Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that\n do not use legacy alerting.\n * Keep Last State for \u0027If execution error or timeout\u0027 when\n upgrading to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns\n error.\n * Alerting: Make Unified Alerting enabled by default for those\n who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api\n for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data\n sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and\n JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo\n and Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access\n mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring\n spanIDs.\n * Tracing: Show start time of trace with milliseconds\n precision.\n * Variables: Make renamed or missing variable section\n expandable.\n * Select: Select menus now properly scroll during keyboard\n navigation.\n- Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom\n annotations and labels.\n * Alerting: Make alert state indicator in panel header work\n with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT\n auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max\n concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram\n aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in\n the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels\n between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating\n PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in\n Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to\n Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via\n legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don\u0027t apply field config defaults to time\n fields.\n * Variables: Only update panels that are impacted by variable\n change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data\n source.\n * Azure monitor: Make sure alert rule editor is not enabled\n when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to\n CodeEditor.\n * Dashboard: Remove the current panel from the list of options\n in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query\n endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n- Update to version 8.2.7\n- Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of\n unrelated series.\n- Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string\n was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert\n rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL\n queries.\n * Dashboards: \u0027Copy\u0027 is no longer added to new dashboard\n titles.\n * DataProxy: Fix overriding response body when response is a\n WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field\n for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property\n set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n- Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n- Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n- Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource\n filter query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them\n more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge,\n bar gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack\u0027s API sends unexpected\n response.\n * Alerting: The Create Alert button now appears on the\n dashboard panel when you are working with a default\n datasource.\n * Explore: We fixed the problem where the Explore log panel\n disappears when an Elasticsearch logs query returns no\n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is\n parsed to an object.\n * Prometheus: We fixed the issue where the system did not reuse\n TCP connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error\n when a user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not\n properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data\n min = data max.\n * Table panel: You can now create a filter that includes\n special characters.\n- Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not\n found.\n * Packaging: Remove systemcallfilters sections from systemd\n unit files.\n * Prometheus: Add Headers to HTTP client options.\n- Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so\n notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in\n Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console\n errors.\n- Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data\n source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using\n configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value\n store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is\n necessary to specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in\n Flux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end\n timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact\n with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you\n tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8\n alert rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event\n propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even\n though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables\n with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip\n error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use\n resultFormat.\n * Loki: Fixed creating context query for logs with parsed\n labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after\n an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not\n showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh\n pages when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc\n variable in data links.\n- Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access\n for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names,\n and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and\n Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them\n easier to locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal\n Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor\n Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request\n fails in ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs\n in logs.\n * CloudWatch Logs: Disable query path using websockets (Live)\n feature.\n * CloudWatch/Logs: Don\u0027t group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one\n query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource\n responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard\u0027s QueryRows component.\n * Explore: Support custom display label for derived fields\n buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in\n tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing\n library elements.\n * LibraryPanels: Remove library panel icon from the panel\n header so you can no longer tell that a panel is a library\n panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting\n in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to\n backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in\n XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user\u0027s current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the\n dashboard\u0027s folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in \u0027Add threshold\u0027.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip\n is set to All.\n * Grafana UI: Fix TS error property css is missing in type.\n- Update to version 8.1.8\n- Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n- Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n- Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n- Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses \u0027Repeat For\u0027.\n- Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n \u0027results\u0027 to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to\n fix CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric\n values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being\n created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed\n correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n- Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible\n Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix \u0027Actual\u0027 size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n- Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n- Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in\n everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana\n v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not\n load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -\u003e\n Normal.\n * PasswordField: Prevent a password from being displayed when\n you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n- Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list\n filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all\n required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that\n failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time\n intervals).\n- Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication\n proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in\n sample.ini.\n * Explore: Fix encoding of internal URLs.\n- Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any \u0027evaluate for\u0027 value \u003e=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for \u0027label_values(log stream selector,\n label)\u0027 in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don\u0027t mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode \u0027All\u0027 for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Toolkit: Improve error messages when tasks fail.\n- Update to version 8.0.7\n- Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to \u0027Time\u0027 for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add \u0027prepare time series\u0027 transformer.\n- Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it\u0027s hidden in\n the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n- Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n- Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n- Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n- Update to version 8.0.1\n * Alerting/SSE: Fix \u0027count_non_null\u0027 reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n- Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n GET /dashboards/db/:slug\n GET /dashboard-solo/db/:slug\n GET /api/dashboard/db/:slug\n DELETE /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n- Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now\n POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n- Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint \u0026 unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity \u0026 line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes \u0027error while loading library panels\u0027.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n- Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU\n Affero General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox \u0026 FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox \u0026 FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won\u0027t link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property \u0027length\u0027 of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates \u0026 errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don\u0027t return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get\n the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext\n (breaking change).\n- Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\nmgr-cfg:\n\n- Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15 (bsc#1197579)\n- Version 4.2.7-1\n * Fix installation problem for SLE15SP4 due missing python-selinux\n\nmgr-osad:\n\n- Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nmgr-push:\n\n- Version 4.2.5-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nmgr-virtualization:\n\n- Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nprometheus-postgres_exporter:\n\n- Version 0.10.0\n * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400)\n * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051)\n\nrhnlib:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nspacecmd:\n\n- Version 4.2.16-1\n * implement system.bootstrap (bsc#1194909)\n * Fix interactive mode for \u0027system_applyerrata\u0027 and \u0027errata_apply\u0027 (bsc#1194363)\n\nspacewalk-client-tools:\n\n- Version 4.2.18-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n- Version 4.2.17-1\n * Update translation strings\n\nspacewalk-koan:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nspacewalk-oscap:\n\n- Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nsuseRegisterInfo:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1396,SUSE-SLE-Manager-Tools-15-2022-1396,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396,openSUSE-SLE-15.3-2022-1396,openSUSE-SLE-15.4-2022-1396",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1396-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1396-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221396-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1396-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1194363",
"url": "https://bugzilla.suse.com/1194363"
},
{
"category": "self",
"summary": "SUSE Bug 1194873",
"url": "https://bugzilla.suse.com/1194873"
},
{
"category": "self",
"summary": "SUSE Bug 1194909",
"url": "https://bugzilla.suse.com/1194909"
},
{
"category": "self",
"summary": "SUSE Bug 1195726",
"url": "https://bugzilla.suse.com/1195726"
},
{
"category": "self",
"summary": "SUSE Bug 1195727",
"url": "https://bugzilla.suse.com/1195727"
},
{
"category": "self",
"summary": "SUSE Bug 1195728",
"url": "https://bugzilla.suse.com/1195728"
},
{
"category": "self",
"summary": "SUSE Bug 1197579",
"url": "https://bugzilla.suse.com/1197579"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36222 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41174 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41244 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43815 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21713/"
}
],
"title": "Security update for SUSE Manager Client Tools",
"tracking": {
"current_release_date": "2022-04-25T14:43:36Z",
"generator": {
"date": "2022-04-25T14:43:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1396-1",
"initial_release_date": "2022-04-25T14:43:36Z",
"revision_history": [
{
"date": "2022-04-25T14:43:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150000.1.30.1.aarch64",
"product": {
"name": "grafana-8.3.5-150000.1.30.1.aarch64",
"product_id": "grafana-8.3.5-150000.1.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"product_id": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.2.3-150000.1.6.1.aarch64",
"product": {
"name": "uyuni-base-common-4.2.3-150000.1.6.1.aarch64",
"product_id": "uyuni-base-common-4.2.3-150000.1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64",
"product": {
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64",
"product_id": "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.2.3-150000.1.6.1.aarch64",
"product": {
"name": "uyuni-base-server-4.2.3-150000.1.6.1.aarch64",
"product_id": "uyuni-base-server-4.2.3-150000.1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-150000.1.3.1.aarch64",
"product": {
"name": "wire-0.5.0-150000.1.3.1.aarch64",
"product_id": "wire-0.5.0-150000.1.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150000.1.30.1.i586",
"product": {
"name": "grafana-8.3.5-150000.1.30.1.i586",
"product_id": "grafana-8.3.5-150000.1.30.1.i586"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586",
"product_id": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.2.3-150000.1.6.1.i586",
"product": {
"name": "uyuni-base-common-4.2.3-150000.1.6.1.i586",
"product_id": "uyuni-base-common-4.2.3-150000.1.6.1.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.i586",
"product": {
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.i586",
"product_id": "uyuni-base-proxy-4.2.3-150000.1.6.1.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.2.3-150000.1.6.1.i586",
"product": {
"name": "uyuni-base-server-4.2.3-150000.1.6.1.i586",
"product_id": "uyuni-base-server-4.2.3-150000.1.6.1.i586"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-150000.1.3.1.i586",
"product": {
"name": "wire-0.5.0-150000.1.3.1.i586",
"product_id": "wire-0.5.0-150000.1.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mgr-cfg-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "mgr-cfg-4.2.8-150000.1.24.1.noarch",
"product_id": "mgr-cfg-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"product_id": "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"product_id": "mgr-cfg-client-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"product_id": "mgr-cfg-management-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch",
"product": {
"name": "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch",
"product_id": "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osad-4.2.8-150000.1.36.1.noarch",
"product": {
"name": "mgr-osad-4.2.8-150000.1.36.1.noarch",
"product_id": "mgr-osad-4.2.8-150000.1.36.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-push-4.2.5-150000.1.18.2.noarch",
"product": {
"name": "mgr-push-4.2.5-150000.1.18.2.noarch",
"product_id": "mgr-push-4.2.5-150000.1.18.2.noarch"
}
},
{
"category": "product_version",
"name": "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"product": {
"name": "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"product_id": "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"product_id": "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"product_id": "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"product_id": "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"product": {
"name": "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"product_id": "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"product": {
"name": "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"product_id": "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch",
"product": {
"name": "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch",
"product_id": "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"product": {
"name": "python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"product_id": "python3-mgr-osad-4.2.8-150000.1.36.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"product": {
"name": "python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"product_id": "python3-mgr-push-4.2.5-150000.1.18.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"product": {
"name": "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"product_id": "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"product": {
"name": "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"product_id": "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"product": {
"name": "python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"product_id": "python3-rhnlib-4.2.6-150000.3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"product_id": "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"product_id": "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"product_id": "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"product": {
"name": "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"product_id": "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"product": {
"name": "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"product_id": "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"product": {
"name": "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"product_id": "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.2.16-150000.3.77.1.noarch",
"product": {
"name": "spacecmd-4.2.16-150000.3.77.1.noarch",
"product_id": "spacecmd-4.2.16-150000.3.77.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "spacewalk-check-4.2.18-150000.3.59.1.noarch",
"product_id": "spacewalk-check-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"product_id": "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"product": {
"name": "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"product_id": "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"product": {
"name": "spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"product_id": "spacewalk-koan-4.2.6-150000.3.27.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"product": {
"name": "spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"product_id": "spacewalk-oscap-4.2.4-150000.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"product": {
"name": "suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"product_id": "suseRegisterInfo-4.2.6-150000.3.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150000.1.30.1.ppc64le",
"product": {
"name": "grafana-8.3.5-150000.1.30.1.ppc64le",
"product_id": "grafana-8.3.5-150000.1.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"product_id": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le",
"product": {
"name": "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le",
"product_id": "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le",
"product": {
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le",
"product_id": "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le",
"product": {
"name": "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le",
"product_id": "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-150000.1.3.1.ppc64le",
"product": {
"name": "wire-0.5.0-150000.1.3.1.ppc64le",
"product_id": "wire-0.5.0-150000.1.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150000.1.30.1.s390x",
"product": {
"name": "grafana-8.3.5-150000.1.30.1.s390x",
"product_id": "grafana-8.3.5-150000.1.30.1.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"product_id": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.2.3-150000.1.6.1.s390x",
"product": {
"name": "uyuni-base-common-4.2.3-150000.1.6.1.s390x",
"product_id": "uyuni-base-common-4.2.3-150000.1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x",
"product": {
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x",
"product_id": "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.2.3-150000.1.6.1.s390x",
"product": {
"name": "uyuni-base-server-4.2.3-150000.1.6.1.s390x",
"product_id": "uyuni-base-server-4.2.3-150000.1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-150000.1.3.1.s390x",
"product": {
"name": "wire-0.5.0-150000.1.3.1.s390x",
"product_id": "wire-0.5.0-150000.1.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.3.5-150000.1.30.1.x86_64",
"product": {
"name": "grafana-8.3.5-150000.1.30.1.x86_64",
"product_id": "grafana-8.3.5-150000.1.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"product_id": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.2.3-150000.1.6.1.x86_64",
"product": {
"name": "uyuni-base-common-4.2.3-150000.1.6.1.x86_64",
"product_id": "uyuni-base-common-4.2.3-150000.1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64",
"product": {
"name": "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64",
"product_id": "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.2.3-150000.1.6.1.x86_64",
"product": {
"name": "uyuni-base-server-4.2.3-150000.1.6.1.x86_64",
"product_id": "uyuni-base-server-4.2.3-150000.1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-150000.1.3.1.x86_64",
"product": {
"name": "wire-0.5.0-150000.1.3.1.x86_64",
"product_id": "wire-0.5.0-150000.1.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64"
},
"product_reference": "grafana-8.3.5-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150000.1.30.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le"
},
"product_reference": "grafana-8.3.5-150000.1.30.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150000.1.30.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x"
},
"product_reference": "grafana-8.3.5-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64"
},
"product_reference": "grafana-8.3.5-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "mgr-cfg-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-client-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-management-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-osad-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch"
},
"product_reference": "mgr-osad-4.2.8-150000.1.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-push-4.2.5-150000.1.18.2.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch"
},
"product_reference": "mgr-push-4.2.5-150000.1.18.2.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch"
},
"product_reference": "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch"
},
"product_reference": "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch"
},
"product_reference": "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osad-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch"
},
"product_reference": "python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-push-4.2.5-150000.1.18.2.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch"
},
"product_reference": "python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch"
},
"product_reference": "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch"
},
"product_reference": "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rhnlib-4.2.6-150000.3.34.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch"
},
"product_reference": "python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch"
},
"product_reference": "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch"
},
"product_reference": "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch"
},
"product_reference": "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.2.16-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch"
},
"product_reference": "spacecmd-4.2.16-150000.3.77.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "spacewalk-check-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch"
},
"product_reference": "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-koan-4.2.6-150000.3.27.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch"
},
"product_reference": "spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-oscap-4.2.4-150000.3.18.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch"
},
"product_reference": "spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suseRegisterInfo-4.2.6-150000.3.21.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch"
},
"product_reference": "suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rhnlib-4.2.6-150000.3.34.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch"
},
"product_reference": "python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.2.16-150000.3.77.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
},
"product_reference": "spacecmd-4.2.16-150000.3.77.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36222"
}
],
"notes": [
{
"category": "general",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36222",
"url": "https://www.suse.com/security/cve/CVE-2021-36222"
},
{
"category": "external",
"summary": "SUSE Bug 1188571 for CVE-2021-36222",
"url": "https://bugzilla.suse.com/1188571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "important"
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2021-41174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41174"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u0027alert(1)\u0027)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41174",
"url": "https://www.suse.com/security/cve/CVE-2021-41174"
},
{
"category": "external",
"summary": "SUSE Bug 1192383 for CVE-2021-41174",
"url": "https://bugzilla.suse.com/1192383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-41174"
},
{
"cve": "CVE-2021-41244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41244"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u0027 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41244",
"url": "https://www.suse.com/security/cve/CVE-2021-41244"
},
{
"category": "external",
"summary": "SUSE Bug 1192763 for CVE-2021-41244",
"url": "https://bugzilla.suse.com/1192763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "critical"
}
],
"title": "CVE-2021-41244"
},
{
"cve": "CVE-2021-43798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43798"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43798",
"url": "https://www.suse.com/security/cve/CVE-2021-43798"
},
{
"category": "external",
"summary": "SUSE Bug 1193492 for CVE-2021-43798",
"url": "https://bugzilla.suse.com/1193492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "important"
}
],
"title": "CVE-2021-43798"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43815"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43815",
"url": "https://www.suse.com/security/cve/CVE-2021-43815"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43815",
"url": "https://bugzilla.suse.com/1193686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-43815"
},
{
"cve": "CVE-2022-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21673"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21673",
"url": "https://www.suse.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1194873 for CVE-2022-21673",
"url": "https://bugzilla.suse.com/1194873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2022-21673"
},
{
"cve": "CVE-2022-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21702"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21702",
"url": "https://www.suse.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1195726 for CVE-2022-21702",
"url": "https://bugzilla.suse.com/1195726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2022-21702"
},
{
"cve": "CVE-2022-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21703"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21703",
"url": "https://www.suse.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1195727 for CVE-2022-21703",
"url": "https://bugzilla.suse.com/1195727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2022-21703"
},
{
"cve": "CVE-2022-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21713"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21713",
"url": "https://www.suse.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1195728 for CVE-2022-21713",
"url": "https://bugzilla.suse.com/1195728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch",
"SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch",
"SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch",
"SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x",
"openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64",
"openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch",
"openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-25T14:43:36Z",
"details": "moderate"
}
],
"title": "CVE-2022-21713"
}
]
}
SUSE-SU-2022:2134-1
Vulnerability from csaf_suse - Published: 2022-06-20 11:42 - Updated: 2022-06-20 11:42Summary
Security update for SUSE Manager Client Tools
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Client Tools
Description of the patch: This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
Patchnames: HPE-Helion-OpenStack-8-2022-2134,SUSE-2022-2134,SUSE-OpenStack-Cloud-8-2022-2134,SUSE-OpenStack-Cloud-9-2022-2134,SUSE-OpenStack-Cloud-Crowbar-8-2022-2134,SUSE-OpenStack-Cloud-Crowbar-9-2022-2134,SUSE-SLE-Manager-Tools-12-2022-2134,SUSE-SLE-SAP-12-SP3-2022-2134,SUSE-SLE-SAP-12-SP4-2022-2134,SUSE-SLE-SERVER-12-SP3-2022-2134,SUSE-SLE-SERVER-12-SP3-BCL-2022-2134,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2134,SUSE-SLE-SERVER-12-SP5-2022-2134
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.3 (High)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.9 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.1 (Critical)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
90 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Adapted to build on Enterprise Linux.\n- Fix build for RedHat 7\n- Require Go \u003e= 1.14 also for CentOS\n- Add support for CentOS\n- Replace %{?systemd_requires} with %{?systemd_ordering}\n\ngolang-github-prometheus-alertmanager:\n\n- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.\n * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)\n- Update required Go version to 1.16\n- Update to version 0.23.0:\n * amtool: Detect version drift and warn users (#2672)\n * Add ability to skip TLS verification for amtool (#2663)\n * Fix empty isEqual in amtool. (#2668)\n * Fix main tests (#2670)\n * cli: add new template render command (#2538)\n * OpsGenie: refer to alert instead of incident (#2609)\n * Docs: target_match and source_match are DEPRECATED (#2665)\n * Fix test not waiting for cluster member to be ready\n- Added hardening to systemd service(s) (bsc#1181400)\n\ngolang-github-prometheus-node_exporter:\n\n- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.\n * Update vendor tarball with prometheus/client_golang 1.11.1\n (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)\n- Update to 1.3.0\n * [CHANGE] Add path label to rapl collector #2146\n * [CHANGE] Exclude filesystems under /run/credentials #2157\n * [CHANGE] Add TCPTimeouts to netstat default filter #2189\n * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771\n * [FEATURE] Add darwin powersupply collector #1777\n * [FEATURE] Add support for monitoring GPUs on Linux #1998\n * [FEATURE] Add Darwin thermal collector #2032\n * [FEATURE] Add os release collector #2094\n * [FEATURE] Add netdev.address-info collector #2105\n * [FEATURE] Add clocksource metrics to time collector #2197\n * [ENHANCEMENT] Support glob textfile collector directories #1985\n * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080\n * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165\n * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123\n * [ENHANCEMENT] Add DMI collector #2131\n * [ENHANCEMENT] Add threads metrics to processes collector #2164\n * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169\n * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189\n * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208\n * [BUGFIX] ethtool: Sanitize metric names #2093\n * [BUGFIX] Fix ethtool collector for multiple interfaces #2126\n * [BUGFIX] Fix possible panic on macOS #2133\n * [BUGFIX] Collect flag_info and bug_info only for one core #2156\n * [BUGFIX] Prevent duplicate ethtool metric names #2187\n- Update to 1.2.2\n * Bug fixes\n Fix processes collector long int parsing #2112\n- Update to 1.2.1\n * Removed\n Remove obsolete capture permission denied error patch that is already included upstream\n Fix zoneinfo parsing prometheus/procfs#386\n Fix nvme collector log noise #2091\n Fix rapl collector log noise #2092\n- Update to 1.2.0\n * Changes\n Rename filesystem collector flags to match other collectors #2012\n Make node_exporter print usage to STDOUT #203\n * Features\n Add conntrack statistics metrics #1155\n Add ethtool stats collector #1832\n Add flag to ignore network speed if it is unknown #1989\n Add tapestats collector for Linux #2044\n Add nvme collector #2062\n * Enhancements\n Add ErrorLog plumbing to promhttp #1887\n Add more Infiniband counters #2019\n netclass: retrieve interface names and filter before parsing #2033\n Add time zone offset metric #2060\n Handle errors from disabled PSI subsystem #1983\n Fix panic when using backwards compatible flags #2000\n Fix wrong value for OpenBSD memory buffer cache #2015\n Only initiate collectors once #2048\n Handle small backwards jumps in CPU idle #2067\n- Apply patch to capture permission denied error for \u0027energy_uj\u0027 file (bsc#1190535)\n\ngrafana:\n\n- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources\n (bsc#1195726, CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability\n (bsc#1195727, CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams\n API (bsc#1195728, CVE-2022-21713)\n- Update to Go 1.17.\n- Add build-time dependency on `wire`.\n- Update license to GNU Affero General Public License v3.0.\n- Update to version 8.3.4\n * GetUserInfo: return an error if no user was found\n (bsc#1194873, CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user\n cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group\n bys.\n * Configuration: You can now see your expired API keys if you\n have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single\n field.\n * Export: Fix error being thrown when exporting dashboards\n using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and\n name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields\n when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes \u0026 changes:\n * Toolkit: Revert build config so tslib is bundled with plugins\n to prevent plugins from crashing.\n- Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions\n in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from\n 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the\n manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in\n InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser\n and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with\n multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed\n variables.\n * Variables: Fix so queryparam option works for scoped\n- Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n- Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n- Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they\n contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels\u0027 shared tooltip in edit\n panel.\n * Visualizations: Limit y label width to 40% of visualization\n width.\n * Alerting: Clear alerting rule evaluation errors after\n intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only\n sets color.\n- Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that\n do not use legacy alerting.\n * Keep Last State for \u0027If execution error or timeout\u0027 when\n upgrading to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns\n error.\n * Alerting: Make Unified Alerting enabled by default for those\n who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api\n for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data\n sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and\n JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo\n and Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access\n mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring\n spanIDs.\n * Tracing: Show start time of trace with milliseconds\n precision.\n * Variables: Make renamed or missing variable section\n expandable.\n * Select: Select menus now properly scroll during keyboard\n navigation.\n- Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom\n annotations and labels.\n * Alerting: Make alert state indicator in panel header work\n with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT\n auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max\n concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram\n aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in\n the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels\n between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating\n PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in\n Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to\n Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via\n legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don\u0027t apply field config defaults to time\n fields.\n * Variables: Only update panels that are impacted by variable\n change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data\n source.\n * Azure monitor: Make sure alert rule editor is not enabled\n when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to\n CodeEditor.\n * Dashboard: Remove the current panel from the list of options\n in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query\n endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n- Update to version 8.2.7\n- Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of\n unrelated series.\n- Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string\n was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert\n rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL\n queries.\n * Dashboards: \u0027Copy\u0027 is no longer added to new dashboard\n titles.\n * DataProxy: Fix overriding response body when response is a\n WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field\n for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property\n set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n- Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n- Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n- Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource\n filter query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them\n more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge,\n bar gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack\u0027s API sends unexpected\n response.\n * Alerting: The Create Alert button now appears on the\n dashboard panel when you are working with a default\n datasource.\n * Explore: We fixed the problem where the Explore log panel\n disappears when an Elasticsearch logs query returns no\n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is\n parsed to an object.\n * Prometheus: We fixed the issue where the system did not reuse\n TCP connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error\n when a user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not\n properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data\n min = data max.\n * Table panel: You can now create a filter that includes\n special characters.\n- Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not\n found.\n * Packaging: Remove systemcallfilters sections from systemd\n unit files.\n * Prometheus: Add Headers to HTTP client options.\n- Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so\n notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in\n Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console\n errors.\n- Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data\n source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using\n configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value\n store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is\n necessary to specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in\n Flux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end\n timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact\n with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you\n tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8\n alert rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event\n propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even\n though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables\n with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip\n error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use\n resultFormat.\n * Loki: Fixed creating context query for logs with parsed\n labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after\n an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not\n showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh\n pages when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc\n variable in data links.\n- Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access\n for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names,\n and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and\n Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them\n easier to locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal\n Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor\n Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request\n fails in ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs\n in logs.\n * CloudWatch Logs: Disable query path using websockets (Live)\n feature.\n * CloudWatch/Logs: Don\u0027t group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one\n query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource\n responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard\u0027s QueryRows component.\n * Explore: Support custom display label for derived fields\n buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in\n tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing\n library elements.\n * LibraryPanels: Remove library panel icon from the panel\n header so you can no longer tell that a panel is a library\n panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting\n in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to\n backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in\n XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user\u0027s current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the\n dashboard\u0027s folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in \u0027Add threshold\u0027.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip\n is set to All.\n * Grafana UI: Fix TS error property css is missing in type.\n- Update to version 8.1.8\n- Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n- Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n- Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n- Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses \u0027Repeat For\u0027.\n- Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n \u0027results\u0027 to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to\n fix CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric\n values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being\n created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed\n correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n- Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible\n Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix \u0027Actual\u0027 size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n- Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n- Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in\n everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana\n v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not\n load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -\u003e\n Normal.\n * PasswordField: Prevent a password from being displayed when\n you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n- Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list\n filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all\n required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that\n failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time\n intervals).\n- Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication\n proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in\n sample.ini.\n * Explore: Fix encoding of internal URLs.\n- Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any \u0027evaluate for\u0027 value \u003e=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for \u0027label_values(log stream selector,\n label)\u0027 in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don\u0027t mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode \u0027All\u0027 for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Toolkit: Improve error messages when tasks fail.\n- Update to version 8.0.7\n- Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to \u0027Time\u0027 for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add \u0027prepare time series\u0027 transformer.\n- Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it\u0027s hidden in\n the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n- Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n- Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n- Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n- Update to version 8.0.1\n * Alerting/SSE: Fix \u0027count_non_null\u0027 reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n- Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n GET /dashboards/db/:slug\n GET /dashboard-solo/db/:slug\n GET /api/dashboard/db/:slug\n DELETE /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n- Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now\n POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n- Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint \u0026 unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity \u0026 line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes \u0027error while loading library panels\u0027.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n- Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU\n Affero General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox \u0026 FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox \u0026 FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won\u0027t link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property \u0027length\u0027 of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates \u0026 errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don\u0027t return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get\n the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext\n (breaking change).\n- Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\nmgr-cfg:\n\n- Version 4.3.6-1\n * Corrected source URL in spec file\n * Fix installation problem for SLE15SP4 due missing python-selinux\n * Fix python selinux package name depending on build target (bsc#1193600)\n * Do not build python 2 package for SLE15SP4 and higher\n * Remove unused legacy code\n\nmgr-custom-info:\n\n- Version 4.3.3-1\n * Remove unused legacy code\n\nmgr-daemon:\n\n- Version 4.3.4-1\n * Corrected source URLs in spec file\n * Update translation strings\n\nmgr-osad:\n\n- Version 4.3.6-1\n * Corrected source URL in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n * Removed spacewalk-selinux dependencies.\n * Updated source url.\n\nmgr-push:\n\n- Version 4.3.4-1\n * Corrected source URLs in spec file\n\nmgr-virtualization:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n\nprometheus-blackbox_exporter:\n\n- Enhanced to build on Enterprise Linux 8\n\nprometheus-postgres_exporter:\n\n- Updated for RHEL8.\n\npython-hwdata:\n\n- Require python macros for building\n\nrhnlib:\n\n- Version 4.3.4-1\n * Reorganize python files\n\nspacecmd:\n\n- Version 4.3.11-1\n * on full system update call schedulePackageUpdate API (bsc#1197507)\n * parse boolean paramaters correctly (bsc#1197689)\n * Add parameter to set containerized proxy SSH port\n * Add proxy config generation subcommand\n * Option \u0027org_createfirst\u0027 added to perform initial organization and user creation\n * Added gettext build requirement for RHEL.\n * Removed RHEL 5 references.\n * Include group formulas configuration in spacecmd group_backup and\n spacecmd group_restore. This changes backup format to json,\n previously used plain text is still supported for reading (bsc#1190462)\n * Update translation strings\n * Improved event history listing and added new system_eventdetails \n command to retrieve the details of an event\n * Make schedule_deletearchived to get all actions without display limit\n * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)\n\nspacewalk-client-tools:\n\n- Version 4.3.9-1\n * Corrected source URLs in spec file.\n * do not build python 2 package for SLE15\n * Remove unused legacy code\n * Update translation strings\n\nspacewalk-koan:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n\nspacewalk-oscap:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n\nspacewalk-remote-utils:\n\n- Version 4.3.3-1\n * Adapt the package for changes in rhnlib\n\nsupportutils-plugin-susemanager-client:\n\n- Version 4.3.2-1\n * Add proxy containers config and logs\n\nsuseRegisterInfo:\n\n- Version 4.3.3-1\n * Bump version to 4.3.0\n\nsupportutils-plugin-salt:\n\n- Add support for Salt Bundle\n\nuyuni-common-libs:\n\n- Version 4.3.4-1\n * implement more decompression algorithms for reposync (bsc#1196704)\n * Reorganize python files\n * Add decompression of zck files to fileutils\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2022-2134,SUSE-2022-2134,SUSE-OpenStack-Cloud-8-2022-2134,SUSE-OpenStack-Cloud-9-2022-2134,SUSE-OpenStack-Cloud-Crowbar-8-2022-2134,SUSE-OpenStack-Cloud-Crowbar-9-2022-2134,SUSE-SLE-Manager-Tools-12-2022-2134,SUSE-SLE-SAP-12-SP3-2022-2134,SUSE-SLE-SAP-12-SP4-2022-2134,SUSE-SLE-SERVER-12-SP3-2022-2134,SUSE-SLE-SERVER-12-SP3-BCL-2022-2134,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2134,SUSE-SLE-SERVER-12-SP5-2022-2134",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2134-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2134-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222134-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2134-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181223",
"url": "https://bugzilla.suse.com/1181223"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1190462",
"url": "https://bugzilla.suse.com/1190462"
},
{
"category": "self",
"summary": "SUSE Bug 1190535",
"url": "https://bugzilla.suse.com/1190535"
},
{
"category": "self",
"summary": "SUSE Bug 1193600",
"url": "https://bugzilla.suse.com/1193600"
},
{
"category": "self",
"summary": "SUSE Bug 1194873",
"url": "https://bugzilla.suse.com/1194873"
},
{
"category": "self",
"summary": "SUSE Bug 1195726",
"url": "https://bugzilla.suse.com/1195726"
},
{
"category": "self",
"summary": "SUSE Bug 1195727",
"url": "https://bugzilla.suse.com/1195727"
},
{
"category": "self",
"summary": "SUSE Bug 1195728",
"url": "https://bugzilla.suse.com/1195728"
},
{
"category": "self",
"summary": "SUSE Bug 1196338",
"url": "https://bugzilla.suse.com/1196338"
},
{
"category": "self",
"summary": "SUSE Bug 1196704",
"url": "https://bugzilla.suse.com/1196704"
},
{
"category": "self",
"summary": "SUSE Bug 1197507",
"url": "https://bugzilla.suse.com/1197507"
},
{
"category": "self",
"summary": "SUSE Bug 1197689",
"url": "https://bugzilla.suse.com/1197689"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36222 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41174 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41244 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43813 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43815 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21698 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21713/"
}
],
"title": "Security update for SUSE Manager Client Tools",
"tracking": {
"current_release_date": "2022-06-20T11:42:14Z",
"generator": {
"date": "2022-06-20T11:42:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2134-1",
"initial_release_date": "2022-06-20T11:42:14Z",
"revision_history": [
{
"date": "2022-06-20T11:42:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"product_id": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-8.3.5-1.30.3.aarch64",
"product": {
"name": "grafana-8.3.5-1.30.3.aarch64",
"product_id": "grafana-8.3.5-1.30.3.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"product_id": "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"product_id": "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.aarch64",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.aarch64",
"product_id": "uyuni-base-common-4.3.2-1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.aarch64",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.aarch64",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.aarch64",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.aarch64",
"product_id": "uyuni-base-server-4.3.2-1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-1.3.3.aarch64",
"product": {
"name": "wire-0.5.0-1.3.3.aarch64",
"product_id": "wire-0.5.0-1.3.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586",
"product": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586",
"product_id": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586",
"product": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586",
"product_id": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586"
}
},
{
"category": "product_version",
"name": "grafana-8.3.5-1.30.3.i586",
"product": {
"name": "grafana-8.3.5-1.30.3.i586",
"product_id": "grafana-8.3.5-1.30.3.i586"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.i586",
"product": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.i586",
"product_id": "prometheus-blackbox_exporter-0.19.0-1.8.2.i586"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.i586",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.i586",
"product_id": "prometheus-postgres_exporter-0.10.0-1.8.2.i586"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.i586",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.i586",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.i586",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.i586",
"product_id": "uyuni-base-common-4.3.2-1.6.1.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.i586",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.i586",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.i586"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.i586",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.i586",
"product_id": "uyuni-base-server-4.3.2-1.6.1.i586"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-1.3.3.i586",
"product": {
"name": "wire-0.5.0-1.3.3.i586",
"product_id": "wire-0.5.0-1.3.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mgr-cfg-4.3.6-1.27.4.noarch",
"product": {
"name": "mgr-cfg-4.3.6-1.27.4.noarch",
"product_id": "mgr-cfg-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-actions-4.3.6-1.27.4.noarch",
"product": {
"name": "mgr-cfg-actions-4.3.6-1.27.4.noarch",
"product_id": "mgr-cfg-actions-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-client-4.3.6-1.27.4.noarch",
"product": {
"name": "mgr-cfg-client-4.3.6-1.27.4.noarch",
"product_id": "mgr-cfg-client-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-cfg-management-4.3.6-1.27.4.noarch",
"product": {
"name": "mgr-cfg-management-4.3.6-1.27.4.noarch",
"product_id": "mgr-cfg-management-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-custom-info-4.3.3-1.18.1.noarch",
"product": {
"name": "mgr-custom-info-4.3.3-1.18.1.noarch",
"product_id": "mgr-custom-info-4.3.3-1.18.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-daemon-4.3.4-1.32.3.noarch",
"product": {
"name": "mgr-daemon-4.3.4-1.32.3.noarch",
"product_id": "mgr-daemon-4.3.4-1.32.3.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osa-dispatcher-4.3.6-1.39.4.noarch",
"product": {
"name": "mgr-osa-dispatcher-4.3.6-1.39.4.noarch",
"product_id": "mgr-osa-dispatcher-4.3.6-1.39.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osad-4.3.6-1.39.4.noarch",
"product": {
"name": "mgr-osad-4.3.6-1.39.4.noarch",
"product_id": "mgr-osad-4.3.6-1.39.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-push-4.3.4-1.21.4.noarch",
"product": {
"name": "mgr-push-4.3.4-1.21.4.noarch",
"product_id": "mgr-push-4.3.4-1.21.4.noarch"
}
},
{
"category": "product_version",
"name": "mgr-virtualization-host-4.3.5-1.29.3.noarch",
"product": {
"name": "mgr-virtualization-host-4.3.5-1.29.3.noarch",
"product_id": "mgr-virtualization-host-4.3.5-1.29.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-hwdata-2.3.5-12.9.1.noarch",
"product": {
"name": "python2-hwdata-2.3.5-12.9.1.noarch",
"product_id": "python2-hwdata-2.3.5-12.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-cfg-4.3.6-1.27.4.noarch",
"product": {
"name": "python2-mgr-cfg-4.3.6-1.27.4.noarch",
"product_id": "python2-mgr-cfg-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"product": {
"name": "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"product_id": "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"product": {
"name": "python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"product_id": "python2-mgr-cfg-client-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"product": {
"name": "python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"product_id": "python2-mgr-cfg-management-4.3.6-1.27.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"product": {
"name": "python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"product_id": "python2-mgr-osa-common-4.3.6-1.39.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch",
"product": {
"name": "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch",
"product_id": "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-osad-4.3.6-1.39.4.noarch",
"product": {
"name": "python2-mgr-osad-4.3.6-1.39.4.noarch",
"product_id": "python2-mgr-osad-4.3.6-1.39.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-push-4.3.4-1.21.4.noarch",
"product": {
"name": "python2-mgr-push-4.3.4-1.21.4.noarch",
"product_id": "python2-mgr-push-4.3.4-1.21.4.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"product": {
"name": "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"product_id": "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"product": {
"name": "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"product_id": "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-rhnlib-4.3.4-21.43.3.noarch",
"product": {
"name": "python2-rhnlib-4.3.4-21.43.3.noarch",
"product_id": "python2-rhnlib-4.3.4-21.43.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-check-4.3.9-52.71.3.noarch",
"product": {
"name": "python2-spacewalk-check-4.3.9-52.71.3.noarch",
"product_id": "python2-spacewalk-check-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"product": {
"name": "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"product_id": "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"product": {
"name": "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"product_id": "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"product": {
"name": "python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"product_id": "python2-spacewalk-koan-4.3.5-24.33.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"product": {
"name": "python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"product_id": "python2-spacewalk-oscap-4.3.5-19.27.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"product": {
"name": "python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"product_id": "python2-suseRegisterInfo-4.3.3-25.27.3.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.3.11-38.103.3.noarch",
"product": {
"name": "spacecmd-4.3.11-38.103.3.noarch",
"product_id": "spacecmd-4.3.11-38.103.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.3.9-52.71.3.noarch",
"product": {
"name": "spacewalk-check-4.3.9-52.71.3.noarch",
"product_id": "spacewalk-check-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.3.9-52.71.3.noarch",
"product": {
"name": "spacewalk-client-setup-4.3.9-52.71.3.noarch",
"product_id": "spacewalk-client-setup-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.3.9-52.71.3.noarch",
"product": {
"name": "spacewalk-client-tools-4.3.9-52.71.3.noarch",
"product_id": "spacewalk-client-tools-4.3.9-52.71.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-koan-4.3.5-24.33.3.noarch",
"product": {
"name": "spacewalk-koan-4.3.5-24.33.3.noarch",
"product_id": "spacewalk-koan-4.3.5-24.33.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-oscap-4.3.5-19.27.1.noarch",
"product": {
"name": "spacewalk-oscap-4.3.5-19.27.1.noarch",
"product_id": "spacewalk-oscap-4.3.5-19.27.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"product": {
"name": "spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"product_id": "spacewalk-remote-utils-4.3.3-24.24.3.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"product": {
"name": "supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"product_id": "supportutils-plugin-salt-1.2.0-6.16.1.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"product": {
"name": "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"product_id": "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch"
}
},
{
"category": "product_version",
"name": "suseRegisterInfo-4.3.3-25.27.3.noarch",
"product": {
"name": "suseRegisterInfo-4.3.3-25.27.3.noarch",
"product_id": "suseRegisterInfo-4.3.3-25.27.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"product": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"product_id": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-8.3.5-1.30.3.ppc64le",
"product": {
"name": "grafana-8.3.5-1.30.3.ppc64le",
"product_id": "grafana-8.3.5-1.30.3.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"product_id": "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.ppc64le",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.ppc64le",
"product_id": "uyuni-base-common-4.3.2-1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.ppc64le",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.ppc64le",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.ppc64le",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.ppc64le",
"product_id": "uyuni-base-server-4.3.2-1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-1.3.3.ppc64le",
"product": {
"name": "wire-0.5.0-1.3.3.ppc64le",
"product_id": "wire-0.5.0-1.3.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.s390",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.s390",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.s390"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.s390",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.s390",
"product_id": "uyuni-base-common-4.3.2-1.6.1.s390"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.s390",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.s390",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.s390"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.s390",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.s390",
"product_id": "uyuni-base-server-4.3.2-1.6.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"product": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"product_id": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
}
},
{
"category": "product_version",
"name": "grafana-8.3.5-1.30.3.s390x",
"product": {
"name": "grafana-8.3.5-1.30.3.s390x",
"product_id": "grafana-8.3.5-1.30.3.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"product_id": "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"product_id": "prometheus-postgres_exporter-0.10.0-1.8.2.s390x"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.s390x",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.s390x",
"product_id": "uyuni-base-common-4.3.2-1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.s390x",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.s390x",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.s390x",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.s390x",
"product_id": "uyuni-base-server-4.3.2-1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-1.3.3.s390x",
"product": {
"name": "wire-0.5.0-1.3.3.s390x",
"product_id": "wire-0.5.0-1.3.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"product_id": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-8.3.5-1.30.3.x86_64",
"product": {
"name": "grafana-8.3.5-1.30.3.x86_64",
"product_id": "grafana-8.3.5-1.30.3.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"product_id": "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"product": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"product_id": "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"product": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"product_id": "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-common-4.3.2-1.6.1.x86_64",
"product": {
"name": "uyuni-base-common-4.3.2-1.6.1.x86_64",
"product_id": "uyuni-base-common-4.3.2-1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-proxy-4.3.2-1.6.1.x86_64",
"product": {
"name": "uyuni-base-proxy-4.3.2-1.6.1.x86_64",
"product_id": "uyuni-base-proxy-4.3.2-1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "uyuni-base-server-4.3.2-1.6.1.x86_64",
"product": {
"name": "uyuni-base-server-4.3.2-1.6.1.x86_64",
"product_id": "uyuni-base-server-4.3.2-1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "wire-0.5.0-1.3.3.x86_64",
"product": {
"name": "wire-0.5.0-1.3.3.x86_64",
"product_id": "wire-0.5.0-1.3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-1.30.3.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64"
},
"product_reference": "grafana-8.3.5-1.30.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-1.30.3.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le"
},
"product_reference": "grafana-8.3.5-1.30.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-1.30.3.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x"
},
"product_reference": "grafana-8.3.5-1.30.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.3.5-1.30.3.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64"
},
"product_reference": "grafana-8.3.5-1.30.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch"
},
"product_reference": "mgr-cfg-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-actions-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch"
},
"product_reference": "mgr-cfg-actions-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-client-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch"
},
"product_reference": "mgr-cfg-client-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-cfg-management-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch"
},
"product_reference": "mgr-cfg-management-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-custom-info-4.3.3-1.18.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch"
},
"product_reference": "mgr-custom-info-4.3.3-1.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-daemon-4.3.4-1.32.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch"
},
"product_reference": "mgr-daemon-4.3.4-1.32.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-osad-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch"
},
"product_reference": "mgr-osad-4.3.6-1.39.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-push-4.3.4-1.21.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch"
},
"product_reference": "mgr-push-4.3.4-1.21.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-virtualization-host-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch"
},
"product_reference": "mgr-virtualization-host-4.3.5-1.29.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64"
},
"product_reference": "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-hwdata-2.3.5-12.9.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch"
},
"product_reference": "python2-hwdata-2.3.5-12.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-cfg-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch"
},
"product_reference": "python2-mgr-cfg-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch"
},
"product_reference": "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-cfg-client-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch"
},
"product_reference": "python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-cfg-management-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch"
},
"product_reference": "python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-osa-common-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch"
},
"product_reference": "python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-osad-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch"
},
"product_reference": "python2-mgr-osad-4.3.6-1.39.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-push-4.3.4-1.21.4.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch"
},
"product_reference": "python2-mgr-push-4.3.4-1.21.4.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch"
},
"product_reference": "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch"
},
"product_reference": "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-rhnlib-4.3.4-21.43.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch"
},
"product_reference": "python2-rhnlib-4.3.4-21.43.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-check-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch"
},
"product_reference": "python2-spacewalk-check-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch"
},
"product_reference": "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch"
},
"product_reference": "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-koan-4.3.5-24.33.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch"
},
"product_reference": "python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-oscap-4.3.5-19.27.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch"
},
"product_reference": "python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-suseRegisterInfo-4.3.3-25.27.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch"
},
"product_reference": "python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64"
},
"product_reference": "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le"
},
"product_reference": "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x"
},
"product_reference": "python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64"
},
"product_reference": "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.3.11-38.103.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch"
},
"product_reference": "spacecmd-4.3.11-38.103.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch"
},
"product_reference": "spacewalk-check-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch"
},
"product_reference": "spacewalk-client-setup-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch"
},
"product_reference": "spacewalk-client-tools-4.3.9-52.71.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-koan-4.3.5-24.33.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch"
},
"product_reference": "spacewalk-koan-4.3.5-24.33.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-oscap-4.3.5-19.27.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch"
},
"product_reference": "spacewalk-oscap-4.3.5-19.27.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-remote-utils-4.3.3-24.24.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch"
},
"product_reference": "spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-salt-1.2.0-6.16.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch"
},
"product_reference": "supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch"
},
"product_reference": "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suseRegisterInfo-4.3.3-25.27.3.noarch as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch"
},
"product_reference": "suseRegisterInfo-4.3.3-25.27.3.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36222"
}
],
"notes": [
{
"category": "general",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36222",
"url": "https://www.suse.com/security/cve/CVE-2021-36222"
},
{
"category": "external",
"summary": "SUSE Bug 1188571 for CVE-2021-36222",
"url": "https://bugzilla.suse.com/1188571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "important"
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2021-41174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41174"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u0027alert(1)\u0027)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41174",
"url": "https://www.suse.com/security/cve/CVE-2021-41174"
},
{
"category": "external",
"summary": "SUSE Bug 1192383 for CVE-2021-41174",
"url": "https://bugzilla.suse.com/1192383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2021-41174"
},
{
"cve": "CVE-2021-41244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41244"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u0027 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41244",
"url": "https://www.suse.com/security/cve/CVE-2021-41244"
},
{
"category": "external",
"summary": "SUSE Bug 1192763 for CVE-2021-41244",
"url": "https://bugzilla.suse.com/1192763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "critical"
}
],
"title": "CVE-2021-41244"
},
{
"cve": "CVE-2021-43798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43798"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43798",
"url": "https://www.suse.com/security/cve/CVE-2021-43798"
},
{
"category": "external",
"summary": "SUSE Bug 1193492 for CVE-2021-43798",
"url": "https://bugzilla.suse.com/1193492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "important"
}
],
"title": "CVE-2021-43798"
},
{
"cve": "CVE-2021-43813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43813"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://www.suse.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "external",
"summary": "SUSE Bug 1193688 for CVE-2021-43813",
"url": "https://bugzilla.suse.com/1193688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2021-43813"
},
{
"cve": "CVE-2021-43815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43815"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43815",
"url": "https://www.suse.com/security/cve/CVE-2021-43815"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43815",
"url": "https://bugzilla.suse.com/1193686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2021-43815"
},
{
"cve": "CVE-2022-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21673"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21673",
"url": "https://www.suse.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1194873 for CVE-2022-21673",
"url": "https://bugzilla.suse.com/1194873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-21673"
},
{
"cve": "CVE-2022-21698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21698"
}
],
"notes": [
{
"category": "general",
"text": "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21698",
"url": "https://www.suse.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "SUSE Bug 1196338 for CVE-2022-21698",
"url": "https://bugzilla.suse.com/1196338"
},
{
"category": "external",
"summary": "SUSE Bug 1248689 for CVE-2022-21698",
"url": "https://bugzilla.suse.com/1248689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "important"
}
],
"title": "CVE-2022-21698"
},
{
"cve": "CVE-2022-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21702"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21702",
"url": "https://www.suse.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1195726 for CVE-2022-21702",
"url": "https://bugzilla.suse.com/1195726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-21702"
},
{
"cve": "CVE-2022-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21703"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21703",
"url": "https://www.suse.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1195727 for CVE-2022-21703",
"url": "https://bugzilla.suse.com/1195727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-21703"
},
{
"cve": "CVE-2022-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21713"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21713",
"url": "https://www.suse.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1195728 for CVE-2022-21713",
"url": "https://bugzilla.suse.com/1195728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x",
"SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x",
"SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x",
"SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64",
"SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch",
"SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch",
"SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x",
"SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64",
"SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch",
"SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x",
"SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64",
"SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch",
"SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch",
"SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch",
"SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch",
"SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch",
"SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64",
"SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-20T11:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2022-21713"
}
]
}
SUSE-SU-2022:3676-1
Vulnerability from csaf_suse - Published: 2022-10-20 11:40 - Updated: 2022-10-20 11:40Summary
Security update for grafana
Severity
Important
Notes
Title of the patch: Security update for grafana
Description of the patch: This update for grafana fixes the following issues:
Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):
- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
- CVE-2021-41244: Fixed incorrect access control vulnerability(bsc#1192763).
- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).
Patchnames: SUSE-2022-3676,SUSE-Storage-6-2022-3676
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.9 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.1 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.6 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\nUpdated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565): \n \n- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596). \n- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597). \n- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539). \n- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535). \n- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726). \n- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727). \n- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728). \n- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873). \n- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686). \n- CVE-2021-41244: Fixed incorrect access control vulnerability(bsc#1192763). \n- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383). \n- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520). \n- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571). \n- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3676,SUSE-Storage-6-2022-3676",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3676-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3676-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223676-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3676-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html"
},
{
"category": "self",
"summary": "SUSE Bug 1188571",
"url": "https://bugzilla.suse.com/1188571"
},
{
"category": "self",
"summary": "SUSE Bug 1189520",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "self",
"summary": "SUSE Bug 1192383",
"url": "https://bugzilla.suse.com/1192383"
},
{
"category": "self",
"summary": "SUSE Bug 1192763",
"url": "https://bugzilla.suse.com/1192763"
},
{
"category": "self",
"summary": "SUSE Bug 1193492",
"url": "https://bugzilla.suse.com/1193492"
},
{
"category": "self",
"summary": "SUSE Bug 1193686",
"url": "https://bugzilla.suse.com/1193686"
},
{
"category": "self",
"summary": "SUSE Bug 1194873",
"url": "https://bugzilla.suse.com/1194873"
},
{
"category": "self",
"summary": "SUSE Bug 1195726",
"url": "https://bugzilla.suse.com/1195726"
},
{
"category": "self",
"summary": "SUSE Bug 1195727",
"url": "https://bugzilla.suse.com/1195727"
},
{
"category": "self",
"summary": "SUSE Bug 1195728",
"url": "https://bugzilla.suse.com/1195728"
},
{
"category": "self",
"summary": "SUSE Bug 1201535",
"url": "https://bugzilla.suse.com/1201535"
},
{
"category": "self",
"summary": "SUSE Bug 1201539",
"url": "https://bugzilla.suse.com/1201539"
},
{
"category": "self",
"summary": "SUSE Bug 1203596",
"url": "https://bugzilla.suse.com/1203596"
},
{
"category": "self",
"summary": "SUSE Bug 1203597",
"url": "https://bugzilla.suse.com/1203597"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36222 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3711 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41174 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41244 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41244/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43815 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31097 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31107 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-35957 page",
"url": "https://www.suse.com/security/cve/CVE-2022-35957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36062 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36062/"
}
],
"title": "Security update for grafana",
"tracking": {
"current_release_date": "2022-10-20T11:40:04Z",
"generator": {
"date": "2022-10-20T11:40:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3676-1",
"initial_release_date": "2022-10-20T11:40:04Z",
"revision_history": [
{
"date": "2022-10-20T11:40:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.5.13-150100.3.12.1.aarch64",
"product": {
"name": "grafana-8.5.13-150100.3.12.1.aarch64",
"product_id": "grafana-8.5.13-150100.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-8.5.13-150100.3.12.1.x86_64",
"product": {
"name": "grafana-8.5.13-150100.3.12.1.x86_64",
"product_id": "grafana-8.5.13-150100.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.5.13-150100.3.12.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64"
},
"product_reference": "grafana-8.5.13-150100.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-8.5.13-150100.3.12.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
},
"product_reference": "grafana-8.5.13-150100.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36222"
}
],
"notes": [
{
"category": "general",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36222",
"url": "https://www.suse.com/security/cve/CVE-2021-36222"
},
{
"category": "external",
"summary": "SUSE Bug 1188571 for CVE-2021-36222",
"url": "https://bugzilla.suse.com/1188571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "important"
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-3711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3711"
}
],
"notes": [
{
"category": "general",
"text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3711",
"url": "https://www.suse.com/security/cve/CVE-2021-3711"
},
{
"category": "external",
"summary": "SUSE Bug 1189520 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1189520"
},
{
"category": "external",
"summary": "SUSE Bug 1190129 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1190129"
},
{
"category": "external",
"summary": "SUSE Bug 1192100 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1192100"
},
{
"category": "external",
"summary": "SUSE Bug 1205663 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1205663"
},
{
"category": "external",
"summary": "SUSE Bug 1225628 for CVE-2021-3711",
"url": "https://bugzilla.suse.com/1225628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "critical"
}
],
"title": "CVE-2021-3711"
},
{
"cve": "CVE-2021-41174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41174"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim\u0027s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(\u0027alert(1)\u0027)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41174",
"url": "https://www.suse.com/security/cve/CVE-2021-41174"
},
{
"category": "external",
"summary": "SUSE Bug 1192383 for CVE-2021-41174",
"url": "https://bugzilla.suse.com/1192383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-41174"
},
{
"cve": "CVE-2021-41244",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41244"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u0027 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41244",
"url": "https://www.suse.com/security/cve/CVE-2021-41244"
},
{
"category": "external",
"summary": "SUSE Bug 1192763 for CVE-2021-41244",
"url": "https://bugzilla.suse.com/1192763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "critical"
}
],
"title": "CVE-2021-41244"
},
{
"cve": "CVE-2021-43798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43798"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `\u003cgrafana_host_url\u003e/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43798",
"url": "https://www.suse.com/security/cve/CVE-2021-43798"
},
{
"category": "external",
"summary": "SUSE Bug 1193492 for CVE-2021-43798",
"url": "https://bugzilla.suse.com/1193492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "important"
}
],
"title": "CVE-2021-43798"
},
{
"cve": "CVE-2021-43815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43815"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43815",
"url": "https://www.suse.com/security/cve/CVE-2021-43815"
},
{
"category": "external",
"summary": "SUSE Bug 1193686 for CVE-2021-43815",
"url": "https://bugzilla.suse.com/1193686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-43815"
},
{
"cve": "CVE-2022-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21673"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21673",
"url": "https://www.suse.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1194873 for CVE-2022-21673",
"url": "https://bugzilla.suse.com/1194873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-21673"
},
{
"cve": "CVE-2022-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21702"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21702",
"url": "https://www.suse.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1195726 for CVE-2022-21702",
"url": "https://bugzilla.suse.com/1195726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-21702"
},
{
"cve": "CVE-2022-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21703"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21703",
"url": "https://www.suse.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1195727 for CVE-2022-21703",
"url": "https://bugzilla.suse.com/1195727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-21703"
},
{
"cve": "CVE-2022-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21713"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21713",
"url": "https://www.suse.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1195728 for CVE-2022-21713",
"url": "https://bugzilla.suse.com/1195728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-21713"
},
{
"cve": "CVE-2022-31097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31097"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31097",
"url": "https://www.suse.com/security/cve/CVE-2022-31097"
},
{
"category": "external",
"summary": "SUSE Bug 1201535 for CVE-2022-31097",
"url": "https://bugzilla.suse.com/1201535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "important"
}
],
"title": "CVE-2022-31097"
},
{
"cve": "CVE-2022-31107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31107"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31107",
"url": "https://www.suse.com/security/cve/CVE-2022-31107"
},
{
"category": "external",
"summary": "SUSE Bug 1201539 for CVE-2022-31107",
"url": "https://bugzilla.suse.com/1201539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "important"
}
],
"title": "CVE-2022-31107"
},
{
"cve": "CVE-2022-35957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-35957"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-35957",
"url": "https://www.suse.com/security/cve/CVE-2022-35957"
},
{
"category": "external",
"summary": "SUSE Bug 1203597 for CVE-2022-35957",
"url": "https://bugzilla.suse.com/1203597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-35957"
},
{
"cve": "CVE-2022-36062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36062"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36062",
"url": "https://www.suse.com/security/cve/CVE-2022-36062"
},
{
"category": "external",
"summary": "SUSE Bug 1203596 for CVE-2022-36062",
"url": "https://bugzilla.suse.com/1203596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64",
"SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-20T11:40:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-36062"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…