Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-27962
Vulnerability from cvelistv5
Published
2021-03-22 13:55
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-22T14:35:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { tags: [ "x_refsource_MISC", ], url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], source: { discovery: "INTERNAL", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27962", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://community.grafana.com/t/release-notes-v6-7-x/27119", refsource: "MISC", url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { name: "https://community.grafana.com", refsource: "MISC", url: "https://community.grafana.com", }, { name: "http://www.openwall.com/lists/oss-security/2021/03/19/5", refsource: "CONFIRM", url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { name: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", refsource: "CONFIRM", url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { name: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", refsource: "MISC", url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", refsource: "MISC", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], }, source: { discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27962", datePublished: "2021-03-22T13:55:39", dateReserved: "2021-03-05T00:00:00", dateUpdated: "2024-08-03T21:33:17.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndExcluding\": \"7.3.10\", \"matchCriteriaId\": \"9E9735BD-3047-4AB2-96A8-B7C982CF3B60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"7.4.0\", \"versionEndExcluding\": \"7.4.5\", \"matchCriteriaId\": \"7CFD90C0-68A4-40F8-82FF-4B161A38C378\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.\"}, {\"lang\": \"es\", \"value\": \"Grafana Enterprise versiones 7.2.x y 7.3.x anteriores a 7.3.10 y versiones 7.4.x anteriores a 7.4.5, permite a un editor de tablero omitir una comprobaci\\u00f3n de permisos relacionada con una fuente de datos a la que no deber\\u00eda poder ser capaz de acceder\"}]", id: "CVE-2021-27962", lastModified: "2024-11-21T05:58:55.183", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:N\", \"baseScore\": 4.9, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2021-03-22T14:15:14.023", references: "[{\"url\": \"http://www.openwall.com/lists/oss-security/2021/03/19/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://community.grafana.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://community.grafana.com/t/release-notes-v6-7-x/27119\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/03/19/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://community.grafana.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://community.grafana.com/t/release-notes-v6-7-x/27119\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-27962\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-03-22T14:15:14.023\",\"lastModified\":\"2024-11-21T05:58:55.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.\"},{\"lang\":\"es\",\"value\":\"Grafana Enterprise versiones 7.2.x y 7.3.x anteriores a 7.3.10 y versiones 7.4.x anteriores a 7.4.5, permite a un editor de tablero omitir una comprobación de permisos relacionada con una fuente de datos a la que no debería poder ser capaz de acceder\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"baseScore\":4.9,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.3.10\",\"matchCriteriaId\":\"9E9735BD-3047-4AB2-96A8-B7C982CF3B60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.5\",\"matchCriteriaId\":\"7CFD90C0-68A4-40F8-82FF-4B161A38C378\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/19/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://community.grafana.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://community.grafana.com/t/release-notes-v6-7-x/27119\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://community.grafana.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://community.grafana.com/t/release-notes-v6-7-x/27119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}", }, }
suse-su-2021:2675-1
Vulnerability from csaf_suse
Published
2021-08-12 10:05
Modified
2021-08-12 10:05
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
ansible:
- The support level for ansible is l2, not l3
dracut-saltboot:
- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for
small Prometheus instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478)
Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's
`firewalld` package does not contain 'prometheus' configuration yet.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- Fix for spacewalk-koan tests after switching to the new
Docker images
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions
causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
Patchnames
SUSE-2021-2675,SUSE-SLE-Manager-Tools-15-2021-2675
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nansible:\n\n- The support level for ansible is l2, not l3\n\ndracut-saltboot:\n\n- Force installation of libexpat.so.1 (bsc#1188846)\n- Use kernel parameters from PXE formula also for local boot\n\ngolang-github-prometheus-prometheus:\n\n- Provide and reload firewalld configuration only for:\n + openSUSE Leap 15.0, 15.1, 15.2\n + SUSE Linux Enterprise 15, 15 SP1, 15 SP2\n- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)\n + Bugfix:\n * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)\n * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659\n * TSDB: Do not panic when writing very large records to the WAL. #8790\n * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723\n * Scaleway Discovery: Fix nil pointer dereference. #8737\n * Consul Discovery: Restart no longer required after config update with no targets. #8766\n + Features:\n * Promtool: Retroactive rule evaluation functionality.\n * Configuration: Environment variable expansion for external labels. \n Behind '--enable-feature=expand-external-labels' flag.\n * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for \n small Prometheus instances.\n * UI: Add a dark theme.\n * AWS Lightsail Discovery: Add AWS Lightsail Discovery.\n * Docker Discovery: Add Docker Service Discovery.\n * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.\n * Remote Write: Send exemplars via remote write. Experimental and disabled by default.\n + Enhancements:\n * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.\n * Scaleway Discovery: Read Scaleway secret from a file.\n * Scrape: Add configurable limits for label size and count.\n * UI: Add 16w and 26w time range steps.\n * Templating: Enable parsing strings in humanize functions.\n- Update package with changes from `server:monitoring` (bsc#1175478)\n Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's\n `firewalld` package does not contain 'prometheus' configuration yet.\n\nmgr-cfg:\n\n- No visible impact for the user\n\nmgr-custom-info:\n\n- No visible impact for the user\n\nmgr-osad:\n\n- No visible impact for the user\n\nmgr-push:\n\n- No visible impact for the user\n\nmgr-virtualization:\n\n- No visible impact for the user\n\nrhnlib:\n\n- No visible impact for the user\n\nspacecmd:\n\n- Make spacecmd aware of retracted patches/packages\n- Enhance help for installation types when creating distributions (bsc#1186581)\n- Parse empty argument when nothing in between the separator\n\nspacewalk-client-tools:\n\n- Update translation strings\n\nspacewalk-koan:\n\n- Fix for spacewalk-koan tests after switching to the new\n Docker images\n\nspacewalk-oscap:\n\n- No visible impact for the user\n\nsuseRegisterInfo:\n\n- No visible impact for the user\n\nuyuni-common-libs:\n\n- Handle broken RPM packages to prevent exceptions\n causing fails on repository synchronization (bsc#1186650)\n- Maintainer field in debian packages are only recommended (bsc#1186508)\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2675,SUSE-SLE-Manager-Tools-15-2021-2675", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2675-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2675-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212675-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2675-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009285.html", }, { category: "self", summary: "SUSE Bug 1175478", url: "https://bugzilla.suse.com/1175478", }, { category: "self", summary: "SUSE Bug 1186242", url: "https://bugzilla.suse.com/1186242", }, { category: "self", summary: "SUSE Bug 1186508", url: "https://bugzilla.suse.com/1186508", }, { category: "self", summary: "SUSE Bug 1186581", url: "https://bugzilla.suse.com/1186581", }, { category: "self", summary: "SUSE Bug 1186650", url: "https://bugzilla.suse.com/1186650", }, { category: "self", summary: "SUSE Bug 1188846", url: "https://bugzilla.suse.com/1188846", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, { category: "self", summary: "SUSE CVE CVE-2021-29622 page", url: "https://www.suse.com/security/cve/CVE-2021-29622/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2021-08-12T10:05:16Z", generator: { date: "2021-08-12T10:05:16Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2675-1", initial_release_date: "2021-08-12T10:05:16Z", revision_history: [ { date: "2021-08-12T10:05:16Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", product: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", product_id: "golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.i586", product: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.i586", product_id: "golang-github-prometheus-prometheus-2.27.1-3.31.1.i586", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.i586", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.i586", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.i586", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.i586", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.i586", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ansible-2.9.21-1.5.1.noarch", product: { name: "ansible-2.9.21-1.5.1.noarch", product_id: "ansible-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "ansible-doc-2.9.21-1.5.1.noarch", product: { name: "ansible-doc-2.9.21-1.5.1.noarch", product_id: "ansible-doc-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "ansible-test-2.9.21-1.5.1.noarch", product: { name: "ansible-test-2.9.21-1.5.1.noarch", product_id: "ansible-test-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", product: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", product_id: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-custom-info-4.2.2-1.12.1.noarch", product: { name: "mgr-custom-info-4.2.2-1.12.1.noarch", product_id: "mgr-custom-info-4.2.2-1.12.1.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "mgr-osad-4.2.6-1.30.1.noarch", product: { name: "mgr-osad-4.2.6-1.30.1.noarch", product_id: "mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "mgr-push-4.2.3-1.12.1.noarch", product: { name: "mgr-push-4.2.3-1.12.1.noarch", product_id: "mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osad-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osad-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-push-4.2.3-1.12.1.noarch", product: { name: "python2-mgr-push-4.2.3-1.12.1.noarch", product_id: "python2-mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", product: { name: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", product_id: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-rhnlib-4.2.4-3.28.1.noarch", product: { name: "python2-rhnlib-4.2.4-3.28.1.noarch", product_id: "python2-rhnlib-4.2.4-3.28.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-check-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osad-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osad-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-push-4.2.3-1.12.1.noarch", product: { name: "python3-mgr-push-4.2.3-1.12.1.noarch", product_id: "python3-mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", product: { name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", product_id: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python3-rhnlib-4.2.4-3.28.1.noarch", product: { name: "python3-rhnlib-4.2.4-3.28.1.noarch", product_id: "python3-rhnlib-4.2.4-3.28.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-check-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.11-3.62.1.noarch", product: { name: "spacecmd-4.2.11-3.62.1.noarch", product_id: "spacecmd-4.2.11-3.62.1.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "spacewalk-check-4.2.12-3.44.1.noarch", product_id: "spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", product_id: "golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", product: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", product_id: "golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", product: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", product_id: "golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 15", product: { name: "SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.21-1.5.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", }, product_reference: "ansible-2.9.21-1.5.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.21-1.5.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", }, product_reference: "ansible-doc-2.9.21-1.5.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", }, product_reference: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-actions-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-actions-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-client-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-client-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-management-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-management-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-custom-info-4.2.2-1.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", }, product_reference: "mgr-custom-info-4.2.2-1.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-osad-4.2.6-1.30.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", }, product_reference: "mgr-osad-4.2.6-1.30.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.2.3-1.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", }, product_reference: "mgr-push-4.2.3-1.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-virtualization-host-4.2.2-1.20.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", }, product_reference: "mgr-virtualization-host-4.2.2-1.20.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", }, product_reference: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osad-4.2.6-1.30.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", }, product_reference: "python3-mgr-osad-4.2.6-1.30.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-push-4.2.3-1.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", }, product_reference: "python3-mgr-push-4.2.3-1.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, product_reference: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, product_reference: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.4-3.28.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", }, product_reference: "python3-rhnlib-4.2.4-3.28.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-check-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", }, product_reference: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", }, product_reference: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", }, product_reference: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.11-3.62.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", }, product_reference: "spacecmd-4.2.11-3.62.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-check-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-client-setup-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.12-3.44.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-client-tools-4.2.12-3.44.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-koan-4.2.4-3.21.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", }, product_reference: "spacewalk-koan-4.2.4-3.21.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-oscap-4.2.2-3.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", }, product_reference: "spacewalk-oscap-4.2.2-3.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "suseRegisterInfo-4.2.4-3.15.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", }, product_reference: "suseRegisterInfo-4.2.4-3.15.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:16Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:16Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:16Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:16Z", details: "important", }, ], title: "CVE-2021-28148", }, { cve: "CVE-2021-29622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-29622", }, ], notes: [ { category: "general", text: "Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-29622", url: "https://www.suse.com/security/cve/CVE-2021-29622", }, { category: "external", summary: "SUSE Bug 1186242 for CVE-2021-29622", url: "https://bugzilla.suse.com/1186242", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:ansible-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:ansible-doc-2.9.21-1.5.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.27.1-3.31.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:mgr-custom-info-4.2.2-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.6-1.30.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.3-1.12.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.4-3.28.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "SUSE Manager Client Tools 15:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "SUSE Manager Client Tools 15:spacecmd-4.2.11-3.62.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.12-3.44.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.4-3.21.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.2-3.12.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:16Z", details: "moderate", }, ], title: "CVE-2021-29622", }, ], }
suse-su-2021:2660-1
Vulnerability from csaf_suse
Published
2021-08-12 10:01
Modified
2021-08-12 10:01
Summary
Security update for grafana
Notes
Title of the patch
Security update for grafana
Description of the patch
This update for grafana fixes the following issues:
- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)
- Update to version 7.5.7:
* Updated relref to 'Configuring exemplars' section (#34240) (#34243)
* Added exemplar topic (#34147) (#34226)
* Quota: Do not count folders towards dashboard quota (#32519) (#34025)
* Instructions to separate emails with semicolons (#32499) (#34138)
* Docs: Remove documentation of v8 generic OAuth feature (#34018)
* Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
* [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
* ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
* Stop hoisting @icons/material (#33922)
* Chore: fix react-color version in yarn.lock (#33914)
* 'Release: Updated versions in package to 7.5.6' (#33909)
* Loki: fix label browser crashing when + typed (#33900) (#33901)
* Document `hide_version` flag (#33670) (#33881)
* Add isolation level db configuration parameter (#33830) (#33878)
* Sanitize PromLink button (#33874) (#33876)
* Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
* Docs feedback: /administration/provisioning.md (#33804) (#33842)
* Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)
* Docs: Update _index.md (#33797) (#33799)
* Docs: Update installation.md (#33656) (#33703)
* GraphNG: uPlot 1.6.9 (#33598) (#33612)
* dont consider invalid email address a failed email (#33671) (#33681)
* InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)
* add template for dashboard url parameters (#33549) (#33588)
* Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)
* Update team.md (#33454) (#33536)
* Removed duplicate file 'dashboard_folder_permissions.md (#33497)
* Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)
* ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)
* Documentation: Update developer-guide.md (#33478) (#33490)
* add closed parenthesis to fix a hyperlink (#33471) (#33481)
- Update to version 7.5.5:
* 'Release: Updated versions in package to 7.5.5' (#33469)
* GraphNG: Fix exemplars window position (#33427) (#33462)
* Remove field limitation from slack notification (#33113) (#33455)
* Prometheus: Support POST in template variables (#33321) (#33441)
* Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)
* Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)
* Docs: Removed type from find annotations example. (#33399) (#33403)
* [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)
* Updated label for add panel. (#33285) (#33286)
* Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
* Docs: Sync latest master docs with 7.5.x (#33156)
* Docs: Update getting-started-influxdb.md (#33234) (#33241)
* Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
* Minor Changes in Auditing.md (#31435) (#33238)
* Docs: Add license check endpoint doc (#32987) (#33236)
* Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)
* Docs: InfluxDB doc improvements (#32815) (#33185)
* [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
* update cla (#33181)
* Fix inefficient regular expression (#33155) (#33159)
* Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)
* Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)
* Update team.md (#33060) (#33084)
* GE issue 1268 (#33049) (#33081)
* Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
* Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)
* Docs: Replace next with latest in aliases (#33054) (#33059)
* Added missing link item. (#33052) (#33055)
* Backport 33034 (#33038)
* Docs: Backport 32916 to v7.5x (#33008)
* ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)
* Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)
* Docs: Sync release branch with latest docs (#32986)
- Update to version 7.5.4:
* 'Release: Updated versions in package to 7.5.4' (#32971)
* fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
* Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
* fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
* AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
* Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
* GraphNG: uPlot 1.6.8 (#32859) (#32863)
* Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
* Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
* [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
* TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
* 'Release: Updated versions in package to 7.5.3' (#32745)
* FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
* Loki: Remove empty annotations tags (#32359) (#32490)
* SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
* Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
* Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
* Variables: Confirms selection before opening new picker (#32586) (#32710)
* CloudWarch: Fix service quotas link (#32686) (#32689)
* Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
* chore: bump execa to v2.1.0 (#32543) (#32592)
* Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)
* Fix broken gtime tests (#32582) (#32587)
* resolve conflicts (#32567)
* gtime: Make ParseInterval deterministic (#32539) (#32560)
* Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)
* TextboxVariable: Limits the length of the preview value (#32472) (#32530)
* AdHocVariable: Adds default data source (#32470) (#32476)
* Variables: Fixes Unsupported data format error for null values (#32480) (#32487)
* Prometheus: align exemplars check to latest api change (#32513) (#32515)
* 'Release: Updated versions in package to 7.5.2' (#32502)
* SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)
* Set spanNulls to default (#32471) (#32486)
* Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)
* API: Return 409 on datasource version conflict (#32425) (#32433)
* API: Return 400 on invalid Annotation requests (#32429) (#32431)
* Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)
* Table: Fixes so links work for image cells (#32370) (#32410)
* Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)
* DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)
* API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)
* 'Release: Updated versions in package to 7.5.1' (#32362)
* MSSQL: Upgrade go-mssqldb (#32347) (#32361)
* GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
* 'Release: Updated versions in package to 7.5.0' (#32308)
* Loki: Fix text search in Label browser (#32293) (#32306)
* Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
* PieChartV2: Add migration from old piechart (#32259) (#32291)
* LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
* LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)
* Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)
* LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
* Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)
* SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)
* DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)
* Logs: If log message missing, use empty string (#32080) (#32243)
* CloudWatch: Use latest version of aws sdk (#32217) (#32223)
* Release: Updated versions in package to 7.5.0-beta.2 (#32158)
* HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)
* GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)
* Fix loading timezone info on windows (#32029) (#32149)
* SQLStore: Close session in withDbSession (#31775) (#32108)
* Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)
* GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)
* MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)
* Backport 32005 to v7.5.x #32128 (#32130)
* Loki: Label browser UI updates (#31737) (#32119)
* ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
* GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)
* LibraryPanels: Improves the Get All experience (#32028) (#32093)
* Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)
* Exemplars: always query exemplars (#31673) (#32024)
* [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)
* Chore: Collect elasticsearch version usage stats (#31787) (#32063)
* Chore: Tidy up Go deps (#32053)
* GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)
* Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)
* [v7.5.x] Auth: Allow soft token revocation (#32037)
* Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)
* Make master green (#32011) (#32015)
* Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)
* Variables: Fixes filtering in picker with null items (#31979) (#31995)
* TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)
* Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)
* Loki: Fix type errors in language_provider (#31902) (#31945)
* PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
* Cloudwatch: use shared library for aws auth (#29550) (#31946)
* Tooltip: partial perf improvement (#31774) (#31837) (#31957)
* Backport 31913 to v7.5.x (#31955)
* Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)
* Variables: Do not reset description on variable type change (#31933) (#31939)
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
* Elasticseach: Support histogram fields (#29079) (#31914)
* Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)
* Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
* Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)
* [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
* Run go mod tidy to update go.mod and go.sum (#31859)
* Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
* CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
* Cloudwatch: ListMetrics API page limit (#31788) (#31851)
* Remove invalid attribute (#31848) (#31850)
* CloudWatch: Restrict auth provider and assume role usage according to… (#31845)
* CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
* Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)
* Variables: Improves inspection performance and unknown filtering (#31811) (#31813)
* Change piechart plugin state to beta (#31797) (#31798)
* ReduceTransform: Include series with numeric string names (#31763) (#31794)
* Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)
* Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
* DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)
* log skipped, performed and duration for migrations (#31722) (#31754)
* Search: Make items more compact (#31734) (#31750)
* loki_datasource: add documentation to label_format and line_format (#31710) (#31746)
* Tempo: Convert tempo to backend data source2 (#31733)
* Elasticsearch: Fix script fields in query editor (#31681) (#31727)
* Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)
* Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)
* Tempo: set authentication header properly (#31699) (#31701)
* Tempo: convert to backend data source (#31618) (#31695)
* Update package.json (#31672)
* Release: Bump version to 7.5.0-beta.1 (#31664)
* Fix whatsNewUrl version to 7.5 (#31666)
* Chore: add alias for what's new 7.5 (#31669)
* Docs: Update doc for PostgreSQL authentication (#31434)
* Docs: document report template variables (#31637)
* AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)
* Color: Fixes issue where colors where reset to gray when switch panels (#31611)
* Live: Use pure WebSocket transport (#31630)
* Docs: Fix broken image link (#31661)
* Docs: Add Whats new in 7.5 (#31659)
* Docs: Fix links for 7.5 (#31658)
* Update enterprise-configuration.md (#31656)
* Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
* Tracing: Small improvements to trace types (#31646)
* Update _index.md (#31645)
* AlertingNG: code refactoring (#30787)
* Remove pkill gpg-agent (#31169)
* Remove format for plugin routes (#31633)
* Library Panels: Change unsaved change detection logic (#31477)
* CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
* add new metrics and dimensions (#31595)
* fix devenv dashboard content typo (#31583)
* DashList: Sort starred and searched dashboard alphabetically (#31605)
* Docs: Update whats-new-in-v7-4.md (#31612)
* SSE: Add 'Classic Condition' on backend (#31511)
* InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)
* Alerting: PagerDuty: adding current state to the payload (#29270)
* devenv: Fix typo (#31589)
* Loki: Label browser (#30351)
* LibraryPanels: No save modal when user is on same dashboard (#31606)
* Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)
* Update node-graph.md (#31571)
* test: pass Cypress options objects into selector wrappers (#31567)
* Loki: Add support for alerting (#31424)
* Tracing: Specify type of the data frame that is expected for TraceView (#31465)
* LibraryPanels: Adds version column (#31590)
* PieChart: Add color changing options to pie chart (#31588)
* Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)
* Bring back correct legend sizing afer PlotLegend refactor (#31582)
* Alerting: Fix bug in Discord for when name for metric value is absent (#31257)
* LibraryPanels: Deletes library panels during folder deletion (#31572)
* chore: bump lodash to 4.17.21 (#31549)
* Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)
* TestData: Fixes never ending annotations scenario (#31573)
* CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
* propagate plugin unavailable message to UI (#31560)
* ConfirmButton: updates story from knobs to controls (#31476)
* Loki: Refactor line limit to use grafana/ui component (#31509)
* LibraryPanels: Adds folder checks and permissions (#31473)
* Add guide on custom option editors (#31254)
* PieChart: Update text color and minor changes (#31546)
* Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
* Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
* PieChart: Improve piechart legend and options (#31446)
* Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)
* Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)
* Add multiselect options ui (#31501)
* Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)
* Variables: Fixes error with: cannot read property length of undefined (#31458)
* Explore: Show ANSI colored logs in logs context (#31510)
* LogsPanel: Show all received logs (#31505)
* AddPanel: Design polish (#31484)
* TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
* influxdb: flux: handle is-hidden (#31324)
* Graph: Fix tooltip not showing when close to the edge of viewport (#31493)
* FolderPicker: Remove useNewForms from FolderPicker (#31485)
* Add reportVariables feature toggle (#31469)
* Grafana datasource: support multiple targets (#31495)
* Update license-restrictions.md (#31488)
* Docs: Derived fields links in logs detail view (#31482)
* Docs: Add new data source links to Enterprise page (#31480)
* Convert annotations to dataframes (#31400)
* ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
* GrafanaUI: Fixes typescript error for missing css prop (#31479)
* Login: handle custom token creation error messages (#31283)
* Library Panels: Don't list current panel in available panels list (#31472)
* DashboardSettings: Migrate Link Settings to React (#31150)
* Frontend changes for library panels feature (#30653)
* Alerting notifier SensuGo: improvements in default message (#31428)
* AppPlugins: Options to disable showing config page in nav (#31354)
* add aws config (#31464)
* Heatmap: Fix missing/wrong value in heatmap legend (#31430)
* Chore: Fixes small typos (#31461)
* Graphite/SSE: update graphite to work with server side expressions (#31455)
* update the lastest version to 7.4.3 (#31457)
* ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
* AWS: Add aws plugin configuration (#31312)
* Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)
* Remove UserSyncInfo.tsx (#31450)
* Elasticsearch: Add word highlighting to search results (#30293)
* Chore: Fix eslint react hook warnings in grafana-ui (#31092)
* CloudWatch: Make it possible to specify custom api endpoint (#31402)
* Chore: fixed incorrect naming for disable settings (#31448)
* TraceViewer: Fix show log marker in spanbar (#30742)
* LibraryPanels: Adds permissions to getAllHandler (#31416)
* NamedColorsPalette: updates story from knobs to controls (#31443)
* 'Release: Updated versions in package to 7.4.3' (#31444)
* ColorPicker: updates story from knobs to controls (#31429)
* Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)
* ClipboardButton: updates story from knobs to controls (#31422)
* we should never log unhashed tokens (#31432)
* CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
* Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)
* Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)
* CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
* TraceViewer: Fix trace to logs icon to show in right pane (#31414)
* add hg team as migrations code owners (#31420)
* Remove tidy-check script (#31423)
* InfluxDB: handle columns named 'table' (#30985)
* Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)
* Devenv: Add gdev-influxdb2 data source (#31250)
* Update grabpl from 0.5.38 to 0.5.42 version (#31419)
* Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)
* remove squadcast details from docs (#31413)
* Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
* Logging: add frontend logging helpers to @grafana/runtime package (#30482)
* CallToActionCard: updates story from knobs to controls (#31393)
* Add eu-south-1 cloudwatch region, closes #31197 (#31198)
* Chore: Upgrade eslint packages (#31408)
* Cascader: updates story from knobs to controls (#31399)
* addressed issues 28763 and 30314. (#31404)
* Added section Query a time series database by id (#31337)
* Prometheus: Change default httpMethod for new instances to POST (#31292)
* Data source list: Use Card component (#31326)
* Chore: Remove gotest.tools dependency (#31391)
* Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)
* Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)
* AdHocVariables: Fixes crash when values are stored as numbers (#31382)
* Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
* Chore: Fix strict errors, down to 416 (#31365)
* Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)
* StoryBook: Introduces Grafana Controls (#31351)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
* Theming: Support for runtime theme switching and hooks for custom themes (#31301)
* Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)
* Zipkin: Show success on test data source (#30829)
* Update grot template (needs more info) (#31350)
* DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)
* TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
* Grafana/UI: Add basic legend to the PieChart (#31278)
* SAML: single logout only enabled in enterprise (#31325)
* QueryEditor: handle query.hide changes in angular based query-editors (#31336)
* DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)
* LibraryPanels: Syncs panel title with name (#31311)
* Chore: Upgrade golangci-lint (#31330)
* Add info to docs about concurrent session limits (#31333)
* Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)
* BarGuage: updates story from knobs to controls (#31223)
* Docs: Clarifies how to add Key/Value pairs (#31303)
* Usagestats: Exclude folders from total dashboard count (#31320)
* ButtonCascader: updates story from knobs to controls (#31288)
* test: allow check for Table as well as Graph for Explore e2e flow (#31290)
* Grafana-UI: Update tooltip type (#31310)
* fix 7.4.2 release note (#31299)
* Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
* Chore: reduce strict errors for variables (#31241)
* update latest release version (#31296)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
* Correct name of Discord notifier tests (#31277)
* Docs: Clarifies custom date formats for variables (#31271)
* BigValue: updates story from knobs to controls (#31240)
* Docs: Annotations update (#31194)
* Introduce functions for interacting with library panels API (#30993)
* Search: display sort metadata (#31167)
* Folders: Editors should be able to edit name and delete folders (#31242)
* Make Datetime local (No date if today) working (#31274)
* UsageStats: Purpose named variables (#31264)
* Snapshots: Disallow anonymous user to create snapshots (#31263)
* only update usagestats every 30min (#31131)
* Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)
* Grafana-UI: Add id to Select to make it easier to test (#31230)
* Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)
* UI/Card: Fix handling of 'onClick' callback (#31225)
* Loki: Add line limit for annotations (#31183)
* Remove deprecated and breaking loki config field (#31227)
* SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)
* LibraryPanels: Disconnect before connect during dashboard save (#31235)
* Disable Change Password for OAuth users (#27886)
* TagsInput: Design update and component refactor (#31163)
* Variables: Adds back default option for data source variable (#31208)
* IPv6: Support host address configured with enclosing square brackets (#31226)
* Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)
* GraphNG: refactor core to class component (#30941)
* Remove last synchronisation field from LDAP debug view (#30984)
* Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
* Graph: Make axes unit option work even when field option unit is set (#31205)
* AlertingNG: Test definition (#30886)
* Docs: Update Influx config options (#31146)
* WIP: Skip this call when we skip migrations (#31216)
* use 0.1.0 (#31215)
* DataSourceSrv: Filter out non queryable data sources by default (#31144)
* QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)
* Chore: report eslint no-explicit-any errors to metrics (#31182)
* Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)
* Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
* Alerting: Fix modal text for deleting obsolete notifier (#31171)
* Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)
* Variables: Fixes missing empty elements from regex filters (#31156)
* StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)
* Fixed the typo. (#31189)
* Docs: Rewrite preferences docs (#31154)
* Explore/Refactor: Simplify URL handling (#29173)
* DashboardLinks: Fixes links always cause full page reload (#31178)
* Replace PR with Commit truncated hash when build fails (#31177)
* Alert: update story to use controls (#31145)
* Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
* CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)
* Update prometheus.md (#31173)
* Variables: Extend option pickers to accept custom onChange callback (#30913)
* Prometheus: Multiply exemplars timestamp to follow api change (#31143)
* DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)
* Add author name and pr number in drone pipeline notifications (#31124)
* Prometheus: Add documentation for ad-hoc filters (#31122)
* DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)
* Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)
* Chore: Update latest.json (#31139)
* Docs: add 7.4.1 relese notes link (#31137)
* PieChart: Progress on new core pie chart (#28020)
* ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
* Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
* Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)
* MuxWriter: Handle error for already closed file (#31119)
* Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)
* Search: add sort information in dashboard results (#30609)
* area/grafana/e2e: ginstall should pull version specified (#31056)
* Exemplars: Change CTA style (#30880)
* Influx: Make max series limit configurable and show the limiting message if applied (#31025)
* Docs: request security (#30937)
* update configurePanel for 7.4.0 changes (#31093)
* Elasticsearch: fix log row context erroring out (#31088)
* Prometheus: Fix issues with ad-hoc filters (#30931)
* LogsPanel: Add deduplication option for logs (#31019)
* Drone: Make sure CDN upload is ok before pushing docker images (#31075)
* PluginManager: Remove some global state (#31081)
* test: update addDashboard flow for v7.4.0 changes (#31059)
* Transformations: Fixed typo in FilterByValue transformer description. (#31078)
* Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)
* Usage stats: Adds source/distributor setting (#31039)
* CDN: Add CDN upload step to enterprise and release pipelines (#31058)
* Chore: Replace native select with grafana ui select (#31030)
* Docs: Update json-model.md (#31066)
* Docs: Update whats-new-in-v7-4.md (#31069)
* Added hyperlinks to Graphite documentation (#31064)
* DashboardSettings: Update to new form styles (#31022)
* CDN: Fixing drone CI config (#31052)
* convert path to posix by default (#31045)
* DashboardLinks: Fixes crash when link has no title (#31008)
* Alerting: Fixes so notification channels are properly deleted (#31040)
* Explore: Remove emotion error when displaying logs (#31026)
* Elasticsearch: Fix alias field value not being shown in query editor (#30992)
* CDN: Adds uppload to CDN step to drone CI (#30879)
* Improved glossary (#31004)
* BarGauge: Improvements to value sizing and table inner width calculations (#30990)
* Drone: Fix deployment image (#31027)
* ColorPicker: migrated styles from sass to emotion (#30909)
* Dashboard: Migrate general settings to react (#30914)
* Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)
* Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)
* Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)
* Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
* Graph: Fixes so graph is shown for non numeric time values (#30972)
* CloudMonitoring: Prevent resource type variable function from crashing (#30901)
* Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
* Build: Releases e2e and e2e-selectors too (#31006)
* TextPanel: Fixes so panel title is updated when variables change (#30884)
* Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)
* instrumentation: make the first database histogram bucket smaller (#30995)
* Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)
* StatPanel: Fixes issue formatting date values using unit option (#30979)
* Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
* Units: Fixes formatting of duration units (#30982)
* Elasticsearch: Show Size setting for raw_data metric (#30980)
* Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)
* make sure service and slo display name is passed to segment comp (#30900)
* assign changes in cloud datasources to the new cloud datasources team (#30645)
* Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)
* Theme: Use higher order theme color variables rather then is light/dark logic (#30939)
* Docs: Add alias for what's new in 7.4 (#30945)
* e2e: extends selector factory to plugins (#30932)
* Chore: Upgrade docker build image (#30820)
* Docs: updated developer guide (#29978)
* Alerts: Update Alert storybook to show more states (#30908)
* Variables: Adds queryparam formatting option (#30858)
* Chore: pad unknown values with undefined (#30808)
* Transformers: add search to transform selection (#30854)
* Exemplars: change api to reflect latest changes (#30910)
* docs: use selinux relabelling on docker containers (#27685)
* Docs: Fix bad image path for alert notification template (#30911)
* Make value mappings correctly interpret numeric-like strings (#30893)
* Chore: Update latest.json (#30905)
* Docs: Update whats-new-in-v7-4.md (#30882)
* Dashboard: Ignore changes to dashboard when the user session expires (#30897)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
* test: add support for timeout to be passed in for addDatasource (#30736)
* increase page size and make sure the cache supports query params (#30892)
* DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
* OAuth: custom username docs (#28400)
* Panels: Remove value mapping of values that have been formatted #26763 (#30868)
* Alerting: Fixes alert panel header icon not showing (#30840)
* AlertingNG: Edit Alert Definition (#30676)
* Logging: sourcemap support for frontend stacktraces (#30590)
* Added 'Restart Grafana' topic. (#30844)
* Docs: Org, Team, and User Admin (#30756)
* bump grabpl version to 0.5.36 (#30874)
* Plugins: Requests validator (#30445)
* Docs: Update whats-new-in-v7-4.md (#30876)
* Docs: Add server view folder (#30849)
* Fixed image name and path (#30871)
* Grafana-ui: fixes closing modals with escape key (#30745)
* InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)
* TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)
* Chart/Tooltip: refactored style declaration (#30824)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)
* Grafana-ui: fixes no data message in Table component (#30821)
* grafana/ui: Update pagination component for large number of pages (#30151)
* Alerting: Customise OK notification priorities for Pushover notifier (#30169)
* DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)
* Chore: Remove panelTime.html, closes #30097 (#30842)
* Docs: Time series panel, bar alignment docs (#30780)
* Chore: add more docs annotations (#30847)
* Transforms: allow boolean in field calculations (#30802)
* Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
* Update prometheus.md with image link fix (#30833)
* BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
* Update license-expiration.md (#30839)
* Explore rewrite (#30804)
* Prometheus: Set type of labels to string (#30831)
* GrafanaUI: Add a way to persistently close InfoBox (#30716)
* Fix typo in transformer registry (#30712)
* Elasticsearch: Display errors with text responses (#30122)
* CDN: Fixes cdn path when Grafana is under sub path (#30822)
* TraceViewer: Fix lazy loading (#30700)
* FormField: migrated sass styling to emotion (#30392)
* AlertingNG: change API permissions (#30781)
* Variables: Clears drop down state when leaving dashboard (#30810)
* Grafana-UI: Add story/docs for ErrorBoundary (#30304)
* Add missing callback dependency (#30797)
* PanelLibrary: Adds library panel meta information to dashboard json (#30770)
* Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
* Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
* GraphNG: improve behavior when switching between solid/dash/dots (#30796)
* Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
* Add width for Variable Editors (#30791)
* Chore: Remove warning when calling resource (#30752)
* Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
* Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
* GraphNG: add bar alignment option (#30499)
* Expressions: Measure total transformation requests and elapsed time (#30514)
* Menu: Mark menu components as internal (#30740)
* TableInputCSV: migrated styles from sass to emotion (#30554)
* CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
* Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
* CDN: Adds support for serving assets over a CDN (#30691)
* PanelEdit: Trigger refresh when changing data source (#30744)
* Chore: remove __debug_bin (#30725)
* BarChart: add alpha bar chart panel (#30323)
* Docs: Time series panel (#30690)
* Backend Plugins: Convert test data source to use SDK contracts (#29916)
* Docs: Update whats-new-in-v7-4.md (#30747)
* Add link to Elasticsearch docs. (#30748)
* Mobile: Fixes issue scrolling on mobile in chrome (#30746)
* TagsInput: Make placeholder configurable (#30718)
* Docs: Add config settings for fonts in reporting (#30421)
* Add menu.yaml to .gitignore (#30743)
* bump cypress to 6.3.0 (#30644)
* Datasource: Use json-iterator configuration compatible with standard library (#30732)
* AlertingNG: Update UX to use new PageToolbar component (#30680)
* Docs: Add usage insights export feature (#30376)
* skip symlinks to directories when generating plugin manifest (#30721)
* PluginCiE2E: Upgrade base images (#30696)
* Variables: Fixes so text format will show All instead of custom all (#30730)
* PanelLibrary: better handling of deleted panels (#30709)
* Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)
* Added 'curated dashboards' information and broke down, rearranged topics. (#30659)
* Transform: improve the 'outer join' performance/behavior (#30407)
* Add alt text to plugin logos (#30710)
* Deleted menu.yaml file (#30717)
* Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
* Added entry for web server. (#30715)
* DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
* Use connected GraphNG in Explore (#30707)
* Fix documentation for streaming data sources (#30704)
* PanelLibrary: changes casing of responses and adds meta property (#30668)
* Influx: Show all datapoints for dynamically windowed flux query (#30688)
* Trace: trace to logs design update (#30637)
* DeployImage: Switch base images to Debian (#30684)
* Chore: remove CSP debug logging line (#30689)
* Docs: 7.4 documentation for expressions (#30524)
* PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
* Grafana-UI: Fix setting default value for MultiSelect (#30671)
* CustomScrollbar: migrated styles from sass to emotion (#30506)
* DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
* Explore: Fix jumpy live tailing (#30650)
* ci(npm-publish): add missing github package token to env vars (#30665)
* PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
* AlertingNG: pause/unpause definitions via the API (#30627)
* Docs: Refer to product docs in whats new for alerting templating feature (#30652)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
* Variables: Fixes display value when using capture groups in regex (#30636)
* Docs: Update _index.md (#30655)
* Docs: Auditing updates (#30433)
* Docs: add hidden_users configuration field (#30435)
* Docs: Define TLS/SSL terminology (#30533)
* Docs: Fix expressions enabled description (#30589)
* Docs: Update ES screenshots (#30598)
* Licensing Docs: Adding license restrictions docs (#30216)
* Update documentation-style-guide.md (#30611)
* Docs: Update queries.md (#30616)
* chore(grafana-ui): bump storybook to 6.1.15 (#30642)
* DashboardSettings: fixes vertical scrolling (#30640)
* Usage Stats: Remove unused method for getting user stats (#30074)
* Grafana/UI: Unit picker should not set a category as unit (#30638)
* Graph: Fixes auto decimals issue in legend and tooltip (#30628)
* AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
* chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
* Grafana/UI: Add disable prop to Segment (#30539)
* Variables: Fixes so queries work for numbers values too (#30602)
* Admin: Fixes so form values are filled in from backend (#30544)
* Docs: Add new override info and add whats new 7.4 links (#30615)
* TestData: Improve what's new in v7.4 (#30612)
* Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
* NodeGraph: Add docs (#30504)
* Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
* TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
* Update styling.md guide (#30594)
* TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
* Chore(deps): Bump github.com/prometheus/client_golang (#30585)
* Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
* Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
* Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
* RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
* Add documentation for Exemplars (#30317)
* OldGraph: Fix height issue in Firefox (#30565)
* XY Chart: fix editor error with empty frame (no fields) (#30573)
* ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
* XY Chart: share legend config with timeseries (#30559)
* configuration.md: Document Content Security Policy options (#30413)
* DataFrame: cache frame/field index in field state (#30529)
* List + before -; rm old Git ref; reformat. (#30543)
* Expressions: Add option to disable feature (#30541)
* Explore: Fix loading visualisation on the top of the new time series panel (#30553)
* Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
* Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
* Postgres: Convert tests to stdlib (#30536)
* Storybook: Migrate card story to use controls (#30535)
* AlertingNG: Enable UI to Save Alert Definitions (#30394)
* Postgres: Be consistent about TLS/SSL terminology (#30532)
* Loki: Append refId to logs uid (#30418)
* Postgres: Fix indentation (#30531)
* GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
* updates for e2e docker image (#30465)
* GraphNG: uPlot 1.6.2 (#30521)
* Docs: Update whats-new-in-v7-4.md (#30520)
* Prettier: ignore build and devenv dirs (#30501)
* Chore: Upgrade grabpl version (#30486)
* Explore: Update styling of buttons (#30493)
* Cloud Monitoring: Fix legend naming with display name override (#30440)
* GraphNG: Disable Plot logging by default (#30390)
* Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
* Docs: include Makefile option for local assets (#30455)
* Footer: Fixes layout issue in footer (#30443)
* TimeSeriesPanel: Fixed default value for gradientMode (#30484)
* Docs: fix typo in what's new doc (#30489)
* Chore: adds wait to e2e test (#30488)
* chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
* Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
* Chore: fix spelling mistake (#30473)
* Chore: Restrict internal imports from other packages (#30453)
* Docs: What's new fixes and improvements (#30469)
* Timeseries: only migrage point size when configured (#30461)
* Alerting: Hides threshold handle for percentual thresholds (#30431)
* Graph: Fixes so only users with correct permissions can add annotations (#30419)
* Chore: update latest version to 7.4.0-beta1 (#30452)
* Docs: Add whats new 7.4 links (#30463)
* Update whats-new-in-v7-4.md (#30460)
* docs: 7.4 what's new (Add expressions note) (#30446)
* Chore: Upgrade build pipeline tool (#30456)
* PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
* Expressions: Fix button icon (#30444)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
* Docs: Fix img link for alert notification template (#30436)
* grafana/ui: Fix internal import from grafana/data (#30439)
* prevent field config from being overwritten (#30437)
* PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)
* Dashboard: Remove template variables option from ShareModal (#30395)
* Added doc content for variables inspector code change by Hugo (#30408)
* Docs: update license expiration behavior for reporting (#30420)
* Chore: use old version format in package.json (#30430)
* Chore: upgrade NPM security vulnerabilities (#30397)
* 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)
* contribute: Add backend and configuration guidelines for PRs (#30426)
* Chore: Update what's new URL (#30424)
- Update to version 7.4.5
- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)
- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)
Patchnames
SUSE-2021-2660,SUSE-SLE-Manager-Tools-15-2021-2660
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\n- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)\n- Update to version 7.5.7:\n * Updated relref to 'Configuring exemplars' section (#34240) (#34243)\n * Added exemplar topic (#34147) (#34226)\n * Quota: Do not count folders towards dashboard quota (#32519) (#34025)\n * Instructions to separate emails with semicolons (#32499) (#34138)\n * Docs: Remove documentation of v8 generic OAuth feature (#34018)\n * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)\n * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)\n * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)\n * Stop hoisting @icons/material (#33922)\n * Chore: fix react-color version in yarn.lock (#33914)\n * 'Release: Updated versions in package to 7.5.6' (#33909)\n * Loki: fix label browser crashing when + typed (#33900) (#33901)\n * Document `hide_version` flag (#33670) (#33881)\n * Add isolation level db configuration parameter (#33830) (#33878)\n * Sanitize PromLink button (#33874) (#33876)\n * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)\n * Docs feedback: /administration/provisioning.md (#33804) (#33842)\n * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)\n * Docs: Update _index.md (#33797) (#33799)\n * Docs: Update installation.md (#33656) (#33703)\n * GraphNG: uPlot 1.6.9 (#33598) (#33612)\n * dont consider invalid email address a failed email (#33671) (#33681)\n * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)\n * add template for dashboard url parameters (#33549) (#33588)\n * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)\n * Update team.md (#33454) (#33536)\n * Removed duplicate file 'dashboard_folder_permissions.md (#33497)\n * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)\n * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)\n * Documentation: Update developer-guide.md (#33478) (#33490)\n * add closed parenthesis to fix a hyperlink (#33471) (#33481)\n\n- Update to version 7.5.5:\n * 'Release: Updated versions in package to 7.5.5' (#33469)\n * GraphNG: Fix exemplars window position (#33427) (#33462)\n * Remove field limitation from slack notification (#33113) (#33455)\n * Prometheus: Support POST in template variables (#33321) (#33441)\n * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)\n * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)\n * Docs: Removed type from find annotations example. (#33399) (#33403)\n * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)\n * Updated label for add panel. (#33285) (#33286)\n * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)\n * Docs: Sync latest master docs with 7.5.x (#33156)\n * Docs: Update getting-started-influxdb.md (#33234) (#33241)\n * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)\n * Minor Changes in Auditing.md (#31435) (#33238)\n * Docs: Add license check endpoint doc (#32987) (#33236)\n * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)\n * Docs: InfluxDB doc improvements (#32815) (#33185)\n * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)\n * update cla (#33181)\n * Fix inefficient regular expression (#33155) (#33159)\n * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)\n * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)\n * Update team.md (#33060) (#33084)\n * GE issue 1268 (#33049) (#33081)\n * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)\n * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)\n * Docs: Replace next with latest in aliases (#33054) (#33059)\n * Added missing link item. (#33052) (#33055)\n * Backport 33034 (#33038)\n * Docs: Backport 32916 to v7.5x (#33008)\n * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)\n * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)\n * Docs: Sync release branch with latest docs (#32986)\n\n- Update to version 7.5.4:\n * 'Release: Updated versions in package to 7.5.4' (#32971)\n * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)\n * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)\n * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)\n * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)\n * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)\n * GraphNG: uPlot 1.6.8 (#32859) (#32863)\n * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)\n * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)\n * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)\n * TablePanel: Makes sorting case-insensitive (#32435) (#32752)\n\n- Update to version 7.5.3:\n * 'Release: Updated versions in package to 7.5.3' (#32745)\n * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)\n * Loki: Remove empty annotations tags (#32359) (#32490)\n * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)\n * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)\n * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)\n * Variables: Confirms selection before opening new picker (#32586) (#32710)\n * CloudWarch: Fix service quotas link (#32686) (#32689)\n * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)\n * chore: bump execa to v2.1.0 (#32543) (#32592)\n * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)\n * Fix broken gtime tests (#32582) (#32587)\n * resolve conflicts (#32567)\n * gtime: Make ParseInterval deterministic (#32539) (#32560)\n * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)\n * TextboxVariable: Limits the length of the preview value (#32472) (#32530)\n * AdHocVariable: Adds default data source (#32470) (#32476)\n * Variables: Fixes Unsupported data format error for null values (#32480) (#32487)\n * Prometheus: align exemplars check to latest api change (#32513) (#32515)\n * 'Release: Updated versions in package to 7.5.2' (#32502)\n * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)\n * Set spanNulls to default (#32471) (#32486)\n * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)\n * API: Return 409 on datasource version conflict (#32425) (#32433)\n * API: Return 400 on invalid Annotation requests (#32429) (#32431)\n * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)\n * Table: Fixes so links work for image cells (#32370) (#32410)\n * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)\n * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)\n * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)\n * 'Release: Updated versions in package to 7.5.1' (#32362)\n * MSSQL: Upgrade go-mssqldb (#32347) (#32361)\n * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)\n * 'Release: Updated versions in package to 7.5.0' (#32308)\n * Loki: Fix text search in Label browser (#32293) (#32306)\n * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)\n * PieChartV2: Add migration from old piechart (#32259) (#32291)\n * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)\n * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)\n * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)\n * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)\n * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)\n * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)\n * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)\n * Logs: If log message missing, use empty string (#32080) (#32243)\n * CloudWatch: Use latest version of aws sdk (#32217) (#32223)\n * Release: Updated versions in package to 7.5.0-beta.2 (#32158)\n * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)\n * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)\n * Fix loading timezone info on windows (#32029) (#32149)\n * SQLStore: Close session in withDbSession (#31775) (#32108)\n * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)\n * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)\n * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)\n * Backport 32005 to v7.5.x #32128 (#32130)\n * Loki: Label browser UI updates (#31737) (#32119)\n * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)\n * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)\n * LibraryPanels: Improves the Get All experience (#32028) (#32093)\n * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)\n * Exemplars: always query exemplars (#31673) (#32024)\n * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)\n * Chore: Collect elasticsearch version usage stats (#31787) (#32063)\n * Chore: Tidy up Go deps (#32053)\n * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)\n * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)\n * [v7.5.x] Auth: Allow soft token revocation (#32037)\n * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)\n * Make master green (#32011) (#32015)\n * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)\n * Variables: Fixes filtering in picker with null items (#31979) (#31995)\n * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)\n * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)\n * Loki: Fix type errors in language_provider (#31902) (#31945)\n * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)\n * Cloudwatch: use shared library for aws auth (#29550) (#31946)\n * Tooltip: partial perf improvement (#31774) (#31837) (#31957)\n * Backport 31913 to v7.5.x (#31955)\n * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)\n * Variables: Do not reset description on variable type change (#31933) (#31939)\n * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)\n * Elasticseach: Support histogram fields (#29079) (#31914)\n * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)\n * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)\n * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)\n * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)\n * Run go mod tidy to update go.mod and go.sum (#31859)\n * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)\n * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)\n * Cloudwatch: ListMetrics API page limit (#31788) (#31851)\n * Remove invalid attribute (#31848) (#31850)\n * CloudWatch: Restrict auth provider and assume role usage according to… (#31845)\n * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)\n * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)\n * Variables: Improves inspection performance and unknown filtering (#31811) (#31813)\n * Change piechart plugin state to beta (#31797) (#31798)\n * ReduceTransform: Include series with numeric string names (#31763) (#31794)\n * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)\n * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)\n * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)\n * log skipped, performed and duration for migrations (#31722) (#31754)\n * Search: Make items more compact (#31734) (#31750)\n * loki_datasource: add documentation to label_format and line_format (#31710) (#31746)\n * Tempo: Convert tempo to backend data source2 (#31733)\n * Elasticsearch: Fix script fields in query editor (#31681) (#31727)\n * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)\n * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)\n * Tempo: set authentication header properly (#31699) (#31701)\n * Tempo: convert to backend data source (#31618) (#31695)\n * Update package.json (#31672)\n * Release: Bump version to 7.5.0-beta.1 (#31664)\n * Fix whatsNewUrl version to 7.5 (#31666)\n * Chore: add alias for what's new 7.5 (#31669)\n * Docs: Update doc for PostgreSQL authentication (#31434)\n * Docs: document report template variables (#31637)\n * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)\n * Color: Fixes issue where colors where reset to gray when switch panels (#31611)\n * Live: Use pure WebSocket transport (#31630)\n * Docs: Fix broken image link (#31661)\n * Docs: Add Whats new in 7.5 (#31659)\n * Docs: Fix links for 7.5 (#31658)\n * Update enterprise-configuration.md (#31656)\n * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)\n * Tracing: Small improvements to trace types (#31646)\n * Update _index.md (#31645)\n * AlertingNG: code refactoring (#30787)\n * Remove pkill gpg-agent (#31169)\n * Remove format for plugin routes (#31633)\n * Library Panels: Change unsaved change detection logic (#31477)\n * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)\n * add new metrics and dimensions (#31595)\n * fix devenv dashboard content typo (#31583)\n * DashList: Sort starred and searched dashboard alphabetically (#31605)\n * Docs: Update whats-new-in-v7-4.md (#31612)\n * SSE: Add 'Classic Condition' on backend (#31511)\n * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)\n * Alerting: PagerDuty: adding current state to the payload (#29270)\n * devenv: Fix typo (#31589)\n * Loki: Label browser (#30351)\n * LibraryPanels: No save modal when user is on same dashboard (#31606)\n * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)\n * Update node-graph.md (#31571)\n * test: pass Cypress options objects into selector wrappers (#31567)\n * Loki: Add support for alerting (#31424)\n * Tracing: Specify type of the data frame that is expected for TraceView (#31465)\n * LibraryPanels: Adds version column (#31590)\n * PieChart: Add color changing options to pie chart (#31588)\n * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)\n * Bring back correct legend sizing afer PlotLegend refactor (#31582)\n * Alerting: Fix bug in Discord for when name for metric value is absent (#31257)\n * LibraryPanels: Deletes library panels during folder deletion (#31572)\n * chore: bump lodash to 4.17.21 (#31549)\n * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)\n * TestData: Fixes never ending annotations scenario (#31573)\n * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)\n * propagate plugin unavailable message to UI (#31560)\n * ConfirmButton: updates story from knobs to controls (#31476)\n * Loki: Refactor line limit to use grafana/ui component (#31509)\n * LibraryPanels: Adds folder checks and permissions (#31473)\n * Add guide on custom option editors (#31254)\n * PieChart: Update text color and minor changes (#31546)\n * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)\n * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)\n * PieChart: Improve piechart legend and options (#31446)\n * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)\n * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)\n * Add multiselect options ui (#31501)\n * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)\n * Variables: Fixes error with: cannot read property length of undefined (#31458)\n * Explore: Show ANSI colored logs in logs context (#31510)\n * LogsPanel: Show all received logs (#31505)\n * AddPanel: Design polish (#31484)\n * TimeSeriesPanel: Remove unnecessary margin from legend (#31467)\n * influxdb: flux: handle is-hidden (#31324)\n * Graph: Fix tooltip not showing when close to the edge of viewport (#31493)\n * FolderPicker: Remove useNewForms from FolderPicker (#31485)\n * Add reportVariables feature toggle (#31469)\n * Grafana datasource: support multiple targets (#31495)\n * Update license-restrictions.md (#31488)\n * Docs: Derived fields links in logs detail view (#31482)\n * Docs: Add new data source links to Enterprise page (#31480)\n * Convert annotations to dataframes (#31400)\n * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)\n * GrafanaUI: Fixes typescript error for missing css prop (#31479)\n * Login: handle custom token creation error messages (#31283)\n * Library Panels: Don't list current panel in available panels list (#31472)\n * DashboardSettings: Migrate Link Settings to React (#31150)\n * Frontend changes for library panels feature (#30653)\n * Alerting notifier SensuGo: improvements in default message (#31428)\n * AppPlugins: Options to disable showing config page in nav (#31354)\n * add aws config (#31464)\n * Heatmap: Fix missing/wrong value in heatmap legend (#31430)\n * Chore: Fixes small typos (#31461)\n * Graphite/SSE: update graphite to work with server side expressions (#31455)\n * update the lastest version to 7.4.3 (#31457)\n * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)\n * AWS: Add aws plugin configuration (#31312)\n * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)\n * Remove UserSyncInfo.tsx (#31450)\n * Elasticsearch: Add word highlighting to search results (#30293)\n * Chore: Fix eslint react hook warnings in grafana-ui (#31092)\n * CloudWatch: Make it possible to specify custom api endpoint (#31402)\n * Chore: fixed incorrect naming for disable settings (#31448)\n * TraceViewer: Fix show log marker in spanbar (#30742)\n * LibraryPanels: Adds permissions to getAllHandler (#31416)\n * NamedColorsPalette: updates story from knobs to controls (#31443)\n * 'Release: Updated versions in package to 7.4.3' (#31444)\n * ColorPicker: updates story from knobs to controls (#31429)\n * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)\n * ClipboardButton: updates story from knobs to controls (#31422)\n * we should never log unhashed tokens (#31432)\n * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)\n * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)\n * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)\n * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)\n * TraceViewer: Fix trace to logs icon to show in right pane (#31414)\n * add hg team as migrations code owners (#31420)\n * Remove tidy-check script (#31423)\n * InfluxDB: handle columns named 'table' (#30985)\n * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)\n * Devenv: Add gdev-influxdb2 data source (#31250)\n * Update grabpl from 0.5.38 to 0.5.42 version (#31419)\n * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)\n * remove squadcast details from docs (#31413)\n * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)\n * Logging: add frontend logging helpers to @grafana/runtime package (#30482)\n * CallToActionCard: updates story from knobs to controls (#31393)\n * Add eu-south-1 cloudwatch region, closes #31197 (#31198)\n * Chore: Upgrade eslint packages (#31408)\n * Cascader: updates story from knobs to controls (#31399)\n * addressed issues 28763 and 30314. (#31404)\n * Added section Query a time series database by id (#31337)\n * Prometheus: Change default httpMethod for new instances to POST (#31292)\n * Data source list: Use Card component (#31326)\n * Chore: Remove gotest.tools dependency (#31391)\n * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)\n * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)\n * AdHocVariables: Fixes crash when values are stored as numbers (#31382)\n * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)\n * Chore: Fix strict errors, down to 416 (#31365)\n * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)\n * StoryBook: Introduces Grafana Controls (#31351)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)\n * Theming: Support for runtime theme switching and hooks for custom themes (#31301)\n * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)\n * Zipkin: Show success on test data source (#30829)\n * Update grot template (needs more info) (#31350)\n * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)\n * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)\n * Grafana/UI: Add basic legend to the PieChart (#31278)\n * SAML: single logout only enabled in enterprise (#31325)\n * QueryEditor: handle query.hide changes in angular based query-editors (#31336)\n * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)\n * LibraryPanels: Syncs panel title with name (#31311)\n * Chore: Upgrade golangci-lint (#31330)\n * Add info to docs about concurrent session limits (#31333)\n * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)\n * BarGuage: updates story from knobs to controls (#31223)\n * Docs: Clarifies how to add Key/Value pairs (#31303)\n * Usagestats: Exclude folders from total dashboard count (#31320)\n * ButtonCascader: updates story from knobs to controls (#31288)\n * test: allow check for Table as well as Graph for Explore e2e flow (#31290)\n * Grafana-UI: Update tooltip type (#31310)\n * fix 7.4.2 release note (#31299)\n * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)\n * Chore: reduce strict errors for variables (#31241)\n * update latest release version (#31296)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)\n * Correct name of Discord notifier tests (#31277)\n * Docs: Clarifies custom date formats for variables (#31271)\n * BigValue: updates story from knobs to controls (#31240)\n * Docs: Annotations update (#31194)\n * Introduce functions for interacting with library panels API (#30993)\n * Search: display sort metadata (#31167)\n * Folders: Editors should be able to edit name and delete folders (#31242)\n * Make Datetime local (No date if today) working (#31274)\n * UsageStats: Purpose named variables (#31264)\n * Snapshots: Disallow anonymous user to create snapshots (#31263)\n * only update usagestats every 30min (#31131)\n * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)\n * Grafana-UI: Add id to Select to make it easier to test (#31230)\n * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)\n * UI/Card: Fix handling of 'onClick' callback (#31225)\n * Loki: Add line limit for annotations (#31183)\n * Remove deprecated and breaking loki config field (#31227)\n * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)\n * LibraryPanels: Disconnect before connect during dashboard save (#31235)\n * Disable Change Password for OAuth users (#27886)\n * TagsInput: Design update and component refactor (#31163)\n * Variables: Adds back default option for data source variable (#31208)\n * IPv6: Support host address configured with enclosing square brackets (#31226)\n * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)\n * GraphNG: refactor core to class component (#30941)\n * Remove last synchronisation field from LDAP debug view (#30984)\n * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)\n * Graph: Make axes unit option work even when field option unit is set (#31205)\n * AlertingNG: Test definition (#30886)\n * Docs: Update Influx config options (#31146)\n * WIP: Skip this call when we skip migrations (#31216)\n * use 0.1.0 (#31215)\n * DataSourceSrv: Filter out non queryable data sources by default (#31144)\n * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)\n * Chore: report eslint no-explicit-any errors to metrics (#31182)\n * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)\n * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)\n * Alerting: Fix modal text for deleting obsolete notifier (#31171)\n * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)\n * Variables: Fixes missing empty elements from regex filters (#31156)\n * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)\n * Fixed the typo. (#31189)\n * Docs: Rewrite preferences docs (#31154)\n * Explore/Refactor: Simplify URL handling (#29173)\n * DashboardLinks: Fixes links always cause full page reload (#31178)\n * Replace PR with Commit truncated hash when build fails (#31177)\n * Alert: update story to use controls (#31145)\n * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)\n * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)\n * Update prometheus.md (#31173)\n * Variables: Extend option pickers to accept custom onChange callback (#30913)\n * Prometheus: Multiply exemplars timestamp to follow api change (#31143)\n * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)\n * Add author name and pr number in drone pipeline notifications (#31124)\n * Prometheus: Add documentation for ad-hoc filters (#31122)\n * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)\n * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)\n * Chore: Update latest.json (#31139)\n * Docs: add 7.4.1 relese notes link (#31137)\n * PieChart: Progress on new core pie chart (#28020)\n * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)\n * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)\n * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)\n * MuxWriter: Handle error for already closed file (#31119)\n * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)\n * Search: add sort information in dashboard results (#30609)\n * area/grafana/e2e: ginstall should pull version specified (#31056)\n * Exemplars: Change CTA style (#30880)\n * Influx: Make max series limit configurable and show the limiting message if applied (#31025)\n * Docs: request security (#30937)\n * update configurePanel for 7.4.0 changes (#31093)\n * Elasticsearch: fix log row context erroring out (#31088)\n * Prometheus: Fix issues with ad-hoc filters (#30931)\n * LogsPanel: Add deduplication option for logs (#31019)\n * Drone: Make sure CDN upload is ok before pushing docker images (#31075)\n * PluginManager: Remove some global state (#31081)\n * test: update addDashboard flow for v7.4.0 changes (#31059)\n * Transformations: Fixed typo in FilterByValue transformer description. (#31078)\n * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)\n * Usage stats: Adds source/distributor setting (#31039)\n * CDN: Add CDN upload step to enterprise and release pipelines (#31058)\n * Chore: Replace native select with grafana ui select (#31030)\n * Docs: Update json-model.md (#31066)\n * Docs: Update whats-new-in-v7-4.md (#31069)\n * Added hyperlinks to Graphite documentation (#31064)\n * DashboardSettings: Update to new form styles (#31022)\n * CDN: Fixing drone CI config (#31052)\n * convert path to posix by default (#31045)\n * DashboardLinks: Fixes crash when link has no title (#31008)\n * Alerting: Fixes so notification channels are properly deleted (#31040)\n * Explore: Remove emotion error when displaying logs (#31026)\n * Elasticsearch: Fix alias field value not being shown in query editor (#30992)\n * CDN: Adds uppload to CDN step to drone CI (#30879)\n * Improved glossary (#31004)\n * BarGauge: Improvements to value sizing and table inner width calculations (#30990)\n * Drone: Fix deployment image (#31027)\n * ColorPicker: migrated styles from sass to emotion (#30909)\n * Dashboard: Migrate general settings to react (#30914)\n * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)\n * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)\n * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)\n * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)\n * Graph: Fixes so graph is shown for non numeric time values (#30972)\n * CloudMonitoring: Prevent resource type variable function from crashing (#30901)\n * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)\n * Build: Releases e2e and e2e-selectors too (#31006)\n * TextPanel: Fixes so panel title is updated when variables change (#30884)\n * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)\n * instrumentation: make the first database histogram bucket smaller (#30995)\n * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)\n * StatPanel: Fixes issue formatting date values using unit option (#30979)\n * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)\n * Units: Fixes formatting of duration units (#30982)\n * Elasticsearch: Show Size setting for raw_data metric (#30980)\n * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)\n * make sure service and slo display name is passed to segment comp (#30900)\n * assign changes in cloud datasources to the new cloud datasources team (#30645)\n * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)\n * Theme: Use higher order theme color variables rather then is light/dark logic (#30939)\n * Docs: Add alias for what's new in 7.4 (#30945)\n * e2e: extends selector factory to plugins (#30932)\n * Chore: Upgrade docker build image (#30820)\n * Docs: updated developer guide (#29978)\n * Alerts: Update Alert storybook to show more states (#30908)\n * Variables: Adds queryparam formatting option (#30858)\n * Chore: pad unknown values with undefined (#30808)\n * Transformers: add search to transform selection (#30854)\n * Exemplars: change api to reflect latest changes (#30910)\n * docs: use selinux relabelling on docker containers (#27685)\n * Docs: Fix bad image path for alert notification template (#30911)\n * Make value mappings correctly interpret numeric-like strings (#30893)\n * Chore: Update latest.json (#30905)\n * Docs: Update whats-new-in-v7-4.md (#30882)\n * Dashboard: Ignore changes to dashboard when the user session expires (#30897)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)\n * test: add support for timeout to be passed in for addDatasource (#30736)\n * increase page size and make sure the cache supports query params (#30892)\n * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)\n * OAuth: custom username docs (#28400)\n * Panels: Remove value mapping of values that have been formatted #26763 (#30868)\n * Alerting: Fixes alert panel header icon not showing (#30840)\n * AlertingNG: Edit Alert Definition (#30676)\n * Logging: sourcemap support for frontend stacktraces (#30590)\n * Added 'Restart Grafana' topic. (#30844)\n * Docs: Org, Team, and User Admin (#30756)\n * bump grabpl version to 0.5.36 (#30874)\n * Plugins: Requests validator (#30445)\n * Docs: Update whats-new-in-v7-4.md (#30876)\n * Docs: Add server view folder (#30849)\n * Fixed image name and path (#30871)\n * Grafana-ui: fixes closing modals with escape key (#30745)\n * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)\n * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)\n * Chart/Tooltip: refactored style declaration (#30824)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)\n * Grafana-ui: fixes no data message in Table component (#30821)\n * grafana/ui: Update pagination component for large number of pages (#30151)\n * Alerting: Customise OK notification priorities for Pushover notifier (#30169)\n * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)\n * Chore: Remove panelTime.html, closes #30097 (#30842)\n * Docs: Time series panel, bar alignment docs (#30780)\n * Chore: add more docs annotations (#30847)\n * Transforms: allow boolean in field calculations (#30802)\n * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)\n * Update prometheus.md with image link fix (#30833)\n * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)\n * Update license-expiration.md (#30839)\n * Explore rewrite (#30804)\n * Prometheus: Set type of labels to string (#30831)\n * GrafanaUI: Add a way to persistently close InfoBox (#30716)\n * Fix typo in transformer registry (#30712)\n * Elasticsearch: Display errors with text responses (#30122)\n * CDN: Fixes cdn path when Grafana is under sub path (#30822)\n * TraceViewer: Fix lazy loading (#30700)\n * FormField: migrated sass styling to emotion (#30392)\n * AlertingNG: change API permissions (#30781)\n * Variables: Clears drop down state when leaving dashboard (#30810)\n * Grafana-UI: Add story/docs for ErrorBoundary (#30304)\n * Add missing callback dependency (#30797)\n * PanelLibrary: Adds library panel meta information to dashboard json (#30770)\n * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)\n * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)\n * GraphNG: improve behavior when switching between solid/dash/dots (#30796)\n * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)\n * Add width for Variable Editors (#30791)\n * Chore: Remove warning when calling resource (#30752)\n * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)\n * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)\n * GraphNG: add bar alignment option (#30499)\n * Expressions: Measure total transformation requests and elapsed time (#30514)\n * Menu: Mark menu components as internal (#30740)\n * TableInputCSV: migrated styles from sass to emotion (#30554)\n * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)\n * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)\n * CDN: Adds support for serving assets over a CDN (#30691)\n * PanelEdit: Trigger refresh when changing data source (#30744)\n * Chore: remove __debug_bin (#30725)\n * BarChart: add alpha bar chart panel (#30323)\n * Docs: Time series panel (#30690)\n * Backend Plugins: Convert test data source to use SDK contracts (#29916)\n * Docs: Update whats-new-in-v7-4.md (#30747)\n * Add link to Elasticsearch docs. (#30748)\n * Mobile: Fixes issue scrolling on mobile in chrome (#30746)\n * TagsInput: Make placeholder configurable (#30718)\n * Docs: Add config settings for fonts in reporting (#30421)\n * Add menu.yaml to .gitignore (#30743)\n * bump cypress to 6.3.0 (#30644)\n * Datasource: Use json-iterator configuration compatible with standard library (#30732)\n * AlertingNG: Update UX to use new PageToolbar component (#30680)\n * Docs: Add usage insights export feature (#30376)\n * skip symlinks to directories when generating plugin manifest (#30721)\n * PluginCiE2E: Upgrade base images (#30696)\n * Variables: Fixes so text format will show All instead of custom all (#30730)\n * PanelLibrary: better handling of deleted panels (#30709)\n * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)\n * Added 'curated dashboards' information and broke down, rearranged topics. (#30659)\n * Transform: improve the 'outer join' performance/behavior (#30407)\n * Add alt text to plugin logos (#30710)\n * Deleted menu.yaml file (#30717)\n * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)\n * Added entry for web server. (#30715)\n * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)\n * Use connected GraphNG in Explore (#30707)\n * Fix documentation for streaming data sources (#30704)\n * PanelLibrary: changes casing of responses and adds meta property (#30668)\n * Influx: Show all datapoints for dynamically windowed flux query (#30688)\n * Trace: trace to logs design update (#30637)\n * DeployImage: Switch base images to Debian (#30684)\n * Chore: remove CSP debug logging line (#30689)\n * Docs: 7.4 documentation for expressions (#30524)\n * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)\n * Grafana-UI: Fix setting default value for MultiSelect (#30671)\n * CustomScrollbar: migrated styles from sass to emotion (#30506)\n * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)\n * Explore: Fix jumpy live tailing (#30650)\n * ci(npm-publish): add missing github package token to env vars (#30665)\n * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)\n * AlertingNG: pause/unpause definitions via the API (#30627)\n * Docs: Refer to product docs in whats new for alerting templating feature (#30652)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)\n * Variables: Fixes display value when using capture groups in regex (#30636)\n * Docs: Update _index.md (#30655)\n * Docs: Auditing updates (#30433)\n * Docs: add hidden_users configuration field (#30435)\n * Docs: Define TLS/SSL terminology (#30533)\n * Docs: Fix expressions enabled description (#30589)\n * Docs: Update ES screenshots (#30598)\n * Licensing Docs: Adding license restrictions docs (#30216)\n * Update documentation-style-guide.md (#30611)\n * Docs: Update queries.md (#30616)\n * chore(grafana-ui): bump storybook to 6.1.15 (#30642)\n * DashboardSettings: fixes vertical scrolling (#30640)\n * Usage Stats: Remove unused method for getting user stats (#30074)\n * Grafana/UI: Unit picker should not set a category as unit (#30638)\n * Graph: Fixes auto decimals issue in legend and tooltip (#30628)\n * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)\n * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)\n * Grafana/UI: Add disable prop to Segment (#30539)\n * Variables: Fixes so queries work for numbers values too (#30602)\n * Admin: Fixes so form values are filled in from backend (#30544)\n * Docs: Add new override info and add whats new 7.4 links (#30615)\n * TestData: Improve what's new in v7.4 (#30612)\n * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)\n * NodeGraph: Add docs (#30504)\n * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)\n * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)\n * Update styling.md guide (#30594)\n * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)\n * Chore(deps): Bump github.com/prometheus/client_golang (#30585)\n * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)\n * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)\n * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)\n * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)\n * Add documentation for Exemplars (#30317)\n * OldGraph: Fix height issue in Firefox (#30565)\n * XY Chart: fix editor error with empty frame (no fields) (#30573)\n * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)\n * XY Chart: share legend config with timeseries (#30559)\n * configuration.md: Document Content Security Policy options (#30413)\n * DataFrame: cache frame/field index in field state (#30529)\n * List + before -; rm old Git ref; reformat. (#30543)\n * Expressions: Add option to disable feature (#30541)\n * Explore: Fix loading visualisation on the top of the new time series panel (#30553)\n * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)\n * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)\n * Postgres: Convert tests to stdlib (#30536)\n * Storybook: Migrate card story to use controls (#30535)\n * AlertingNG: Enable UI to Save Alert Definitions (#30394)\n * Postgres: Be consistent about TLS/SSL terminology (#30532)\n * Loki: Append refId to logs uid (#30418)\n * Postgres: Fix indentation (#30531)\n * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)\n * updates for e2e docker image (#30465)\n * GraphNG: uPlot 1.6.2 (#30521)\n * Docs: Update whats-new-in-v7-4.md (#30520)\n * Prettier: ignore build and devenv dirs (#30501)\n * Chore: Upgrade grabpl version (#30486)\n * Explore: Update styling of buttons (#30493)\n * Cloud Monitoring: Fix legend naming with display name override (#30440)\n * GraphNG: Disable Plot logging by default (#30390)\n * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)\n * Docs: include Makefile option for local assets (#30455)\n * Footer: Fixes layout issue in footer (#30443)\n * TimeSeriesPanel: Fixed default value for gradientMode (#30484)\n * Docs: fix typo in what's new doc (#30489)\n * Chore: adds wait to e2e test (#30488)\n * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)\n * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)\n * Chore: fix spelling mistake (#30473)\n * Chore: Restrict internal imports from other packages (#30453)\n * Docs: What's new fixes and improvements (#30469)\n * Timeseries: only migrage point size when configured (#30461)\n * Alerting: Hides threshold handle for percentual thresholds (#30431)\n * Graph: Fixes so only users with correct permissions can add annotations (#30419)\n * Chore: update latest version to 7.4.0-beta1 (#30452)\n * Docs: Add whats new 7.4 links (#30463)\n * Update whats-new-in-v7-4.md (#30460)\n * docs: 7.4 what's new (Add expressions note) (#30446)\n * Chore: Upgrade build pipeline tool (#30456)\n * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)\n * Expressions: Fix button icon (#30444)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)\n * Docs: Fix img link for alert notification template (#30436)\n * grafana/ui: Fix internal import from grafana/data (#30439)\n * prevent field config from being overwritten (#30437)\n * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)\n * Dashboard: Remove template variables option from ShareModal (#30395)\n * Added doc content for variables inspector code change by Hugo (#30408)\n * Docs: update license expiration behavior for reporting (#30420)\n * Chore: use old version format in package.json (#30430)\n * Chore: upgrade NPM security vulnerabilities (#30397)\n * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)\n * contribute: Add backend and configuration guidelines for PRs (#30426)\n * Chore: Update what's new URL (#30424)\n- Update to version 7.4.5\n- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)\n- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)\n- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2660,SUSE-SLE-Manager-Tools-15-2021-2660", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2660-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2660-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212660-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2660-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009284.html", }, { category: "self", summary: "SUSE Bug 1183803", url: "https://bugzilla.suse.com/1183803", }, { category: "self", summary: "SUSE Bug 1183809", url: "https://bugzilla.suse.com/1183809", }, { category: "self", summary: "SUSE Bug 1183811", url: "https://bugzilla.suse.com/1183811", }, { category: "self", summary: "SUSE Bug 1183813", url: "https://bugzilla.suse.com/1183813", }, { category: "self", summary: "SUSE Bug 1184371", url: "https://bugzilla.suse.com/1184371", }, { category: "self", summary: "SUSE CVE CVE-2021-27358 page", url: "https://www.suse.com/security/cve/CVE-2021-27358/", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, ], title: "Security update for grafana", tracking: { current_release_date: "2021-08-12T10:01:36Z", generator: { date: "2021-08-12T10:01:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2660-1", initial_release_date: "2021-08-12T10:01:36Z", revision_history: [ { date: "2021-08-12T10:01:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-7.5.7-1.21.1.aarch64", product: { name: "grafana-7.5.7-1.21.1.aarch64", product_id: "grafana-7.5.7-1.21.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.21.1.i586", product: { name: "grafana-7.5.7-1.21.1.i586", product_id: "grafana-7.5.7-1.21.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.21.1.ppc64le", product: { name: "grafana-7.5.7-1.21.1.ppc64le", product_id: "grafana-7.5.7-1.21.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.21.1.s390x", product: { name: "grafana-7.5.7-1.21.1.s390x", product_id: "grafana-7.5.7-1.21.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.21.1.x86_64", product: { name: "grafana-7.5.7-1.21.1.x86_64", product_id: "grafana-7.5.7-1.21.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 15", product: { name: "SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", }, product_reference: "grafana-7.5.7-1.21.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", }, product_reference: "grafana-7.5.7-1.21.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", }, product_reference: "grafana-7.5.7-1.21.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", }, product_reference: "grafana-7.5.7-1.21.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27358", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27358", }, ], notes: [ { category: "general", text: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27358", url: "https://www.suse.com/security/cve/CVE-2021-27358", }, { category: "external", summary: "SUSE Bug 1183803 for CVE-2021-27358", url: "https://bugzilla.suse.com/1183803", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:01:36Z", details: "important", }, ], title: "CVE-2021-27358", }, { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:01:36Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:01:36Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:01:36Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.aarch64", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.ppc64le", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.s390x", "SUSE Manager Client Tools 15:grafana-7.5.7-1.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:01:36Z", details: "important", }, ], title: "CVE-2021-28148", }, ], }
suse-su-2021:2673-1
Vulnerability from csaf_suse
Published
2021-08-12 10:04
Modified
2021-08-12 10:04
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE SUSE Linux Enterprise 15, SP1, SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
- SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* TSDB: Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the
blocks for small Prometheus instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add __meta_digitalocean_vpc label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
+ Bugfixes:
* UI: Provide errors instead of blank page on TSDB Status Page.
* TSDB: Do not panic when writing very large records to the WAL.
* TSDB: Avoid panic when mmaped memory is referenced after the file is closed.
* Scaleway Discovery: Fix nil pointer dereference.
* Consul Discovery: Restart no longer required after config update with no targets.
- Update package with changes from `server:monitoring` (bsc#1175478)
Left out removal of firewalld related configuration files as SLE-15-SP1's `firewalld` package does not contain
prometheus configuration yet.
grafana:
- Update to version 7.5.7:
* Updated relref to 'Configuring exemplars' section
* Added exemplar topic
* Quota: Do not count folders towards dashboard quota
* Instructions to separate emails with semicolons
* Docs: Remove documentation of v8 generic OAuth feature
* Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned
* Add missing '--no-cache' to Dockerfile.
* ReleaseNotes: Updated changelog and release notes for 7.5.6
* Stop hoisting @icons/material
* Chore: fix react-color version in yarn.lock.
* 'Release: Updated versions in package to 7.5.6'
* Loki: fix label browser crashing when + typed
* Document `hide_version` flag
* Add isolation level db configuration parameter
* Sanitize PromLink button
* Docs feedback: '/administration/provisioning.md'
* Docs: delete from high availability docs references to removed configurations related to session storage
* Docs: Update '_index.md'
* Docs: Update 'installation.md'
* GraphNG: uPlot 1.6.9
* dont consider invalid email address a failed email
* InfluxDB: Improve measurement-autocomplete behavior in query editor
* add template for dashboard url parameters
* Add note to Snapshot API doc to specify that user has to provide the entire dashboard model
* Update 'team.md'
* Removed duplicate file 'dashboard_folder_permissions.md'
* Document 'customQueryParameters' for prometheus datasource provisioning
* ReleaseNotes: Updated changelog and release notes for 7.5.5
* Documentation: Update 'developer-guide.md'
* add closed parenthesis to fix a hyperlink
* GraphNG: Fix exemplars window position
* Remove field limitation from slack notification
* Prometheus: Support POST in template variables
* Instrumentation: Add success rate metrics for email notifications
* Use either moment objects (for absolute times in the datepicker) or string (for relative time)
* Docs: Removed type from find annotations example.
* FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters
to prometheus
* Updated label for add panel.
* Bug: Add git to ''Dockerfile.ubuntu'
* Docs: Sync latest master docs with 7.5.x
* Docs: Update ''getting-started-influxdb.md'
* Doc: Document the X-Grafana-Org-Id HTTP header
* Minor Changes in ''Auditing.md'
* Docs: Add license check endpoint doc
* Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second
* Docs: InfluxDB doc improvements
* Loki: Pass Skip TLS Verify setting to alert queries
* update cla
* Fix inefficient regular expression
* Auth: Don't clear auth token cookie when lookup token fails
* Elasticsearch: Add documentation for supported Elasticsearch query transformations
* Fixed some formatting issues for PRs from yesterday.
* Explore: Load default data source in Explore when the provided source does not exist
* Docs: Replace next with latest in aliases
* Added missing link item.
* Docs: Backport 32916 to v7.5x
* ReleaseNotes: Updated changelog and release notes for 7.5.4
* Elasticsearch: Force re-rendering of each editor row type change
* Docs: Sync release branch with latest docs
- Update to version 7.5.4:
* 'Release: Updated versions in package to 7.5.4' (#32971)
* fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
* Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
* fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
* AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
* Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
* GraphNG: uPlot 1.6.8 (#32859) (#32863)
* Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
* Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
* [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
* TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
* 'Release: Updated versions in package to 7.5.3' (#32745)
* FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
* Loki: Remove empty annotations tags (#32359) (#32490)
* SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
* Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
* Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
* Variables: Confirms selection before opening new picker (#32586) (#32710)
* CloudWarch: Fix service quotas link (#32686) (#32689)
* Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
* chore: bump execa to v2.1.0 (#32543) (#32592)
* Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)
* Fix broken gtime tests (#32582) (#32587)
* resolve conflicts (#32567)
* gtime: Make ParseInterval deterministic (#32539) (#32560)
* Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)
* TextboxVariable: Limits the length of the preview value (#32472) (#32530)
* AdHocVariable: Adds default data source (#32470) (#32476)
* Variables: Fixes Unsupported data format error for null values (#32480) (#32487)
* Prometheus: align exemplars check to latest api change (#32513) (#32515)
* 'Release: Updated versions in package to 7.5.2' (#32502)
* SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)
* Set spanNulls to default (#32471) (#32486)
* Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)
* API: Return 409 on datasource version conflict (#32425) (#32433)
* API: Return 400 on invalid Annotation requests (#32429) (#32431)
* Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)
* Table: Fixes so links work for image cells (#32370) (#32410)
* Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)
* DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)
* API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)
* 'Release: Updated versions in package to 7.5.1' (#32362)
* MSSQL: Upgrade go-mssqldb (#32347) (#32361)
* GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
* 'Release: Updated versions in package to 7.5.0' (#32308)
* Loki: Fix text search in Label browser (#32293) (#32306)
* Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
* PieChartV2: Add migration from old piechart (#32259) (#32291)
* LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
* LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)
* Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)
* LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
* Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)
* SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)
* DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)
* Logs: If log message missing, use empty string (#32080) (#32243)
* CloudWatch: Use latest version of aws sdk (#32217) (#32223)
* Release: Updated versions in package to 7.5.0-beta.2 (#32158)
* HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)
* GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)
* Fix loading timezone info on windows (#32029) (#32149)
* SQLStore: Close session in withDbSession (#31775) (#32108)
* Remove datalink template suggestions for accessing specific fields when there are multiple dataframes.
* GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)
* MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)
* Backport 32005 to v7.5.x #32128 (#32130)
* Loki: Label browser UI updates (#31737) (#32119)
* ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
* GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)
* LibraryPanels: Improves the Get All experience (#32028) (#32093)
* Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)
* Exemplars: always query exemplars (#31673) (#32024)
* [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)
* Chore: Collect elasticsearch version usage stats (#31787) (#32063)
* Chore: Tidy up Go deps (#32053)
* GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)
* Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)
* [v7.5.x] Auth: Allow soft token revocation (#32037)
* Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)
* Make master green (#32011) (#32015)
* Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)
* Variables: Fixes filtering in picker with null items (#31979) (#31995)
* TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)
* Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)
* Loki: Fix type errors in language_provider (#31902) (#31945)
* PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
* Cloudwatch: use shared library for aws auth (#29550) (#31946)
* Tooltip: partial perf improvement (#31774) (#31837) (#31957)
* Backport 31913 to v7.5.x (#31955)
* Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)
* Variables: Do not reset description on variable type change (#31933) (#31939)
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
* Elasticseach: Support histogram fields (#29079) (#31914)
* Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)
* Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
* Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)
* [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
* Run go mod tidy to update go.mod and go.sum (#31859)
* Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
* CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
* Cloudwatch: ListMetrics API page limit (#31788) (#31851)
* Remove invalid attribute (#31848) (#31850)
* CloudWatch: Restrict auth provider and assume role usage
* CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
* Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)
* Variables: Improves inspection performance and unknown filtering (#31811) (#31813)
* Change piechart plugin state to beta (#31797) (#31798)
* ReduceTransform: Include series with numeric string names (#31763) (#31794)
* Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)
* Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
* DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)
* log skipped, performed and duration for migrations (#31722) (#31754)
* Search: Make items more compact (#31734) (#31750)
* loki_datasource: add documentation to label_format and line_format (#31710) (#31746)
* Tempo: Convert tempo to backend data source2 (#31733)
* Elasticsearch: Fix script fields in query editor (#31681) (#31727)
* Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)
* Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)
* Tempo: set authentication header properly (#31699) (#31701)
* Tempo: convert to backend data source (#31618) (#31695)
* Update package.json (#31672)
* Release: Bump version to 7.5.0-beta.1 (#31664)
* Fix whatsNewUrl version to 7.5 (#31666)
* Chore: add alias for what's new 7.5 (#31669)
* Docs: Update doc for PostgreSQL authentication (#31434)
* Docs: document report template variables (#31637)
* AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)
* Color: Fixes issue where colors where reset to gray when switch panels (#31611)
* Live: Use pure WebSocket transport (#31630)
* Docs: Fix broken image link (#31661)
* Docs: Add Whats new in 7.5 (#31659)
* Docs: Fix links for 7.5 (#31658)
* Update enterprise-configuration.md (#31656)
* Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
* Tracing: Small improvements to trace types (#31646)
* Update _index.md (#31645)
* AlertingNG: code refactoring (#30787)
* Remove pkill gpg-agent (#31169)
* Remove format for plugin routes (#31633)
* Library Panels: Change unsaved change detection logic (#31477)
* CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
* add new metrics and dimensions (#31595)
* fix devenv dashboard content typo (#31583)
* DashList: Sort starred and searched dashboard alphabetically (#31605)
* Docs: Update whats-new-in-v7-4.md (#31612)
* SSE: Add 'Classic Condition' on backend (#31511)
* InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)
* Alerting: PagerDuty: adding current state to the payload (#29270)
* devenv: Fix typo (#31589)
* Loki: Label browser (#30351)
* LibraryPanels: No save modal when user is on same dashboard (#31606)
* Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)
* Update node-graph.md (#31571)
* test: pass Cypress options objects into selector wrappers (#31567)
* Loki: Add support for alerting (#31424)
* Tracing: Specify type of the data frame that is expected for TraceView (#31465)
* LibraryPanels: Adds version column (#31590)
* PieChart: Add color changing options to pie chart (#31588)
* Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)
* Bring back correct legend sizing afer PlotLegend refactor (#31582)
* Alerting: Fix bug in Discord for when name for metric value is absent (#31257)
* LibraryPanels: Deletes library panels during folder deletion (#31572)
* chore: bump lodash to 4.17.21 (#31549)
* Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus
in explore
* TestData: Fixes never ending annotations scenario (#31573)
* CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
* propagate plugin unavailable message to UI (#31560)
* ConfirmButton: updates story from knobs to controls (#31476)
* Loki: Refactor line limit to use grafana/ui component (#31509)
* LibraryPanels: Adds folder checks and permissions (#31473)
* Add guide on custom option editors (#31254)
* PieChart: Update text color and minor changes (#31546)
* Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
* Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
* PieChart: Improve piechart legend and options (#31446)
* Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)
* Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)
* Add multiselect options ui (#31501)
* Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)
* Variables: Fixes error with: cannot read property length of undefined (#31458)
* Explore: Show ANSI colored logs in logs context (#31510)
* LogsPanel: Show all received logs (#31505)
* AddPanel: Design polish (#31484)
* TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
* influxdb: flux: handle is-hidden (#31324)
* Graph: Fix tooltip not showing when close to the edge of viewport (#31493)
* FolderPicker: Remove useNewForms from FolderPicker (#31485)
* Add reportVariables feature toggle (#31469)
* Grafana datasource: support multiple targets (#31495)
* Update license-restrictions.md (#31488)
* Docs: Derived fields links in logs detail view (#31482)
* Docs: Add new data source links to Enterprise page (#31480)
* Convert annotations to dataframes (#31400)
* ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
* GrafanaUI: Fixes typescript error for missing css prop (#31479)
* Login: handle custom token creation error messages (#31283)
* Library Panels: Don't list current panel in available panels list (#31472)
* DashboardSettings: Migrate Link Settings to React (#31150)
* Frontend changes for library panels feature (#30653)
* Alerting notifier SensuGo: improvements in default message (#31428)
* AppPlugins: Options to disable showing config page in nav (#31354)
* add aws config (#31464)
* Heatmap: Fix missing/wrong value in heatmap legend (#31430)
* Chore: Fixes small typos (#31461)
* Graphite/SSE: update graphite to work with server side expressions (#31455)
* update the lastest version to 7.4.3 (#31457)
* ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
* AWS: Add aws plugin configuration (#31312)
* Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)
* Remove UserSyncInfo.tsx (#31450)
* Elasticsearch: Add word highlighting to search results (#30293)
* Chore: Fix eslint react hook warnings in grafana-ui (#31092)
* CloudWatch: Make it possible to specify custom api endpoint (#31402)
* Chore: fixed incorrect naming for disable settings (#31448)
* TraceViewer: Fix show log marker in spanbar (#30742)
* LibraryPanels: Adds permissions to getAllHandler (#31416)
* NamedColorsPalette: updates story from knobs to controls (#31443)
* 'Release: Updated versions in package to 7.4.3' (#31444)
* ColorPicker: updates story from knobs to controls (#31429)
* Fixes an issue with time series panel and streaming data source when scrolling back from being out of view
* ClipboardButton: updates story from knobs to controls (#31422)
* we should never log unhashed tokens (#31432)
* CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
* Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)
* Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)
* CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
* TraceViewer: Fix trace to logs icon to show in right pane (#31414)
* add hg team as migrations code owners (#31420)
* Remove tidy-check script (#31423)
* InfluxDB: handle columns named 'table' (#30985)
* Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)
* Devenv: Add gdev-influxdb2 data source (#31250)
* Update grabpl from 0.5.38 to 0.5.42 version (#31419)
* Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)
* remove squadcast details from docs (#31413)
* Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
* Logging: add frontend logging helpers to @grafana/runtime package (#30482)
* CallToActionCard: updates story from knobs to controls (#31393)
* Add eu-south-1 cloudwatch region, closes #31197 (#31198)
* Chore: Upgrade eslint packages (#31408)
* Cascader: updates story from knobs to controls (#31399)
* addressed issues 28763 and 30314. (#31404)
* Added section Query a time series database by id (#31337)
* Prometheus: Change default httpMethod for new instances to POST (#31292)
* Data source list: Use Card component (#31326)
* Chore: Remove gotest.tools dependency (#31391)
* Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)
* Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)
* AdHocVariables: Fixes crash when values are stored as numbers (#31382)
* Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
* Chore: Fix strict errors, down to 416 (#31365)
* Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)
* StoryBook: Introduces Grafana Controls (#31351)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
* Theming: Support for runtime theme switching and hooks for custom themes (#31301)
* Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)
* Zipkin: Show success on test data source (#30829)
* Update grot template (needs more info) (#31350)
* DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)
* TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
* Grafana/UI: Add basic legend to the PieChart (#31278)
* SAML: single logout only enabled in enterprise (#31325)
* QueryEditor: handle query.hide changes in angular based query-editors (#31336)
* DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)
* LibraryPanels: Syncs panel title with name (#31311)
* Chore: Upgrade golangci-lint (#31330)
* Add info to docs about concurrent session limits (#31333)
* Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)
* BarGuage: updates story from knobs to controls (#31223)
* Docs: Clarifies how to add Key/Value pairs (#31303)
* Usagestats: Exclude folders from total dashboard count (#31320)
* ButtonCascader: updates story from knobs to controls (#31288)
* test: allow check for Table as well as Graph for Explore e2e flow (#31290)
* Grafana-UI: Update tooltip type (#31310)
* fix 7.4.2 release note (#31299)
* Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
* Chore: reduce strict errors for variables (#31241)
* update latest release version (#31296)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
* Correct name of Discord notifier tests (#31277)
* Docs: Clarifies custom date formats for variables (#31271)
* BigValue: updates story from knobs to controls (#31240)
* Docs: Annotations update (#31194)
* Introduce functions for interacting with library panels API (#30993)
* Search: display sort metadata (#31167)
* Folders: Editors should be able to edit name and delete folders (#31242)
* Make Datetime local (No date if today) working (#31274)
* UsageStats: Purpose named variables (#31264)
* Snapshots: Disallow anonymous user to create snapshots (#31263)
* only update usagestats every 30min (#31131)
* Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)
* Grafana-UI: Add id to Select to make it easier to test (#31230)
* Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)
* UI/Card: Fix handling of 'onClick' callback (#31225)
* Loki: Add line limit for annotations (#31183)
* Remove deprecated and breaking loki config field (#31227)
* SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)
* LibraryPanels: Disconnect before connect during dashboard save (#31235)
* Disable Change Password for OAuth users (#27886)
* TagsInput: Design update and component refactor (#31163)
* Variables: Adds back default option for data source variable (#31208)
* IPv6: Support host address configured with enclosing square brackets (#31226)
* Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)
* GraphNG: refactor core to class component (#30941)
* Remove last synchronisation field from LDAP debug view (#30984)
* Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
* Graph: Make axes unit option work even when field option unit is set (#31205)
* AlertingNG: Test definition (#30886)
* Docs: Update Influx config options (#31146)
* WIP: Skip this call when we skip migrations (#31216)
* use 0.1.0 (#31215)
* DataSourceSrv: Filter out non queryable data sources by default (#31144)
* QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)
* Chore: report eslint no-explicit-any errors to metrics (#31182)
* Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)
* Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
* Alerting: Fix modal text for deleting obsolete notifier (#31171)
* Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)
* Variables: Fixes missing empty elements from regex filters (#31156)
* StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)
* Fixed the typo. (#31189)
* Docs: Rewrite preferences docs (#31154)
* Explore/Refactor: Simplify URL handling (#29173)
* DashboardLinks: Fixes links always cause full page reload (#31178)
* Replace PR with Commit truncated hash when build fails (#31177)
* Alert: update story to use controls (#31145)
* Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
* CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)
* Update prometheus.md (#31173)
* Variables: Extend option pickers to accept custom onChange callback (#30913)
* Prometheus: Multiply exemplars timestamp to follow api change (#31143)
* DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)
* Add author name and pr number in drone pipeline notifications (#31124)
* Prometheus: Add documentation for ad-hoc filters (#31122)
* DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)
* Sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down
* Chore: Update latest.json (#31139)
* Docs: add 7.4.1 relese notes link (#31137)
* PieChart: Progress on new core pie chart (#28020)
* ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
* Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
* Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before
* MuxWriter: Handle error for already closed file (#31119)
* Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)
* Search: add sort information in dashboard results (#30609)
* area/grafana/e2e: ginstall should pull version specified (#31056)
* Exemplars: Change CTA style (#30880)
* Influx: Make max series limit configurable and show the limiting message if applied (#31025)
* Docs: request security (#30937)
* update configurePanel for 7.4.0 changes (#31093)
* Elasticsearch: fix log row context erroring out (#31088)
* Prometheus: Fix issues with ad-hoc filters (#30931)
* LogsPanel: Add deduplication option for logs (#31019)
* Drone: Make sure CDN upload is ok before pushing docker images (#31075)
* PluginManager: Remove some global state (#31081)
* test: update addDashboard flow for v7.4.0 changes (#31059)
* Transformations: Fixed typo in FilterByValue transformer description. (#31078)
* Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)
* Usage stats: Adds source/distributor setting (#31039)
* CDN: Add CDN upload step to enterprise and release pipelines (#31058)
* Chore: Replace native select with grafana ui select (#31030)
* Docs: Update json-model.md (#31066)
* Docs: Update whats-new-in-v7-4.md (#31069)
* Added hyperlinks to Graphite documentation (#31064)
* DashboardSettings: Update to new form styles (#31022)
* CDN: Fixing drone CI config (#31052)
* convert path to posix by default (#31045)
* DashboardLinks: Fixes crash when link has no title (#31008)
* Alerting: Fixes so notification channels are properly deleted (#31040)
* Explore: Remove emotion error when displaying logs (#31026)
* Elasticsearch: Fix alias field value not being shown in query editor (#30992)
* CDN: Adds uppload to CDN step to drone CI (#30879)
* Improved glossary (#31004)
* BarGauge: Improvements to value sizing and table inner width calculations (#30990)
* Drone: Fix deployment image (#31027)
* ColorPicker: migrated styles from sass to emotion (#30909)
* Dashboard: Migrate general settings to react (#30914)
* Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)
* Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)
* Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)
* Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
* Graph: Fixes so graph is shown for non numeric time values (#30972)
* CloudMonitoring: Prevent resource type variable function from crashing (#30901)
* Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
* Build: Releases e2e and e2e-selectors too (#31006)
* TextPanel: Fixes so panel title is updated when variables change (#30884)
* Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)
* instrumentation: make the first database histogram bucket smaller (#30995)
* Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt (#30988)
* StatPanel: Fixes issue formatting date values using unit option (#30979)
* Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
* Units: Fixes formatting of duration units (#30982)
* Elasticsearch: Show Size setting for raw_data metric (#30980)
* Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)
* make sure service and slo display name is passed to segment comp (#30900)
* assign changes in cloud datasources to the new cloud datasources team (#30645)
* Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)
* Theme: Use higher order theme color variables rather then is light/dark logic (#30939)
* Docs: Add alias for what's new in 7.4 (#30945)
* e2e: extends selector factory to plugins (#30932)
* Chore: Upgrade docker build image (#30820)
* Docs: updated developer guide (#29978)
* Alerts: Update Alert storybook to show more states (#30908)
* Variables: Adds queryparam formatting option (#30858)
* Chore: pad unknown values with undefined (#30808)
* Transformers: add search to transform selection (#30854)
* Exemplars: change api to reflect latest changes (#30910)
* docs: use selinux relabelling on docker containers (#27685)
* Docs: Fix bad image path for alert notification template (#30911)
* Make value mappings correctly interpret numeric-like strings (#30893)
* Chore: Update latest.json (#30905)
* Docs: Update whats-new-in-v7-4.md (#30882)
* Dashboard: Ignore changes to dashboard when the user session expires (#30897)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
* test: add support for timeout to be passed in for addDatasource (#30736)
* increase page size and make sure the cache supports query params (#30892)
* DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
* OAuth: custom username docs (#28400)
* Panels: Remove value mapping of values that have been formatted #26763 (#30868)
* Alerting: Fixes alert panel header icon not showing (#30840)
* AlertingNG: Edit Alert Definition (#30676)
* Logging: sourcemap support for frontend stacktraces (#30590)
* Added 'Restart Grafana' topic. (#30844)
* Docs: Org, Team, and User Admin (#30756)
* bump grabpl version to 0.5.36 (#30874)
* Plugins: Requests validator (#30445)
* Docs: Update whats-new-in-v7-4.md (#30876)
* Docs: Add server view folder (#30849)
* Fixed image name and path (#30871)
* Grafana-ui: fixes closing modals with escape key (#30745)
* InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)
* TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)
* Chart/Tooltip: refactored style declaration (#30824)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)
* Grafana-ui: fixes no data message in Table component (#30821)
* grafana/ui: Update pagination component for large number of pages (#30151)
* Alerting: Customise OK notification priorities for Pushover notifier (#30169)
* DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)
* Chore: Remove panelTime.html, closes #30097 (#30842)
* Docs: Time series panel, bar alignment docs (#30780)
* Chore: add more docs annotations (#30847)
* Transforms: allow boolean in field calculations (#30802)
* Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
* Update prometheus.md with image link fix (#30833)
* BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
* Update license-expiration.md (#30839)
* Explore rewrite (#30804)
* Prometheus: Set type of labels to string (#30831)
* GrafanaUI: Add a way to persistently close InfoBox (#30716)
* Fix typo in transformer registry (#30712)
* Elasticsearch: Display errors with text responses (#30122)
* CDN: Fixes cdn path when Grafana is under sub path (#30822)
* TraceViewer: Fix lazy loading (#30700)
* FormField: migrated sass styling to emotion (#30392)
* AlertingNG: change API permissions (#30781)
* Variables: Clears drop down state when leaving dashboard (#30810)
* Grafana-UI: Add story/docs for ErrorBoundary (#30304)
* Add missing callback dependency (#30797)
* PanelLibrary: Adds library panel meta information to dashboard json (#30770)
* Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
* Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
* GraphNG: improve behavior when switching between solid/dash/dots (#30796)
* Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
* Add width for Variable Editors (#30791)
* Chore: Remove warning when calling resource (#30752)
* Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
* Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
* GraphNG: add bar alignment option (#30499)
* Expressions: Measure total transformation requests and elapsed time (#30514)
* Menu: Mark menu components as internal (#30740)
* TableInputCSV: migrated styles from sass to emotion (#30554)
* CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
* Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
* CDN: Adds support for serving assets over a CDN (#30691)
* PanelEdit: Trigger refresh when changing data source (#30744)
* Chore: remove __debug_bin (#30725)
* BarChart: add alpha bar chart panel (#30323)
* Docs: Time series panel (#30690)
* Backend Plugins: Convert test data source to use SDK contracts (#29916)
* Docs: Update whats-new-in-v7-4.md (#30747)
* Add link to Elasticsearch docs. (#30748)
* Mobile: Fixes issue scrolling on mobile in chrome (#30746)
* TagsInput: Make placeholder configurable (#30718)
* Docs: Add config settings for fonts in reporting (#30421)
* Add menu.yaml to .gitignore (#30743)
* bump cypress to 6.3.0 (#30644)
* Datasource: Use json-iterator configuration compatible with standard library (#30732)
* AlertingNG: Update UX to use new PageToolbar component (#30680)
* Docs: Add usage insights export feature (#30376)
* skip symlinks to directories when generating plugin manifest (#30721)
* PluginCiE2E: Upgrade base images (#30696)
* Variables: Fixes so text format will show All instead of custom all (#30730)
* PanelLibrary: better handling of deleted panels (#30709)
* Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)
* Added 'curated dashboards' information and broke down, rearranged topics. (#30659)
* Transform: improve the 'outer join' performance/behavior (#30407)
* Add alt text to plugin logos (#30710)
* Deleted menu.yaml file (#30717)
* Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
* Added entry for web server. (#30715)
* DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
* Use connected GraphNG in Explore (#30707)
* Fix documentation for streaming data sources (#30704)
* PanelLibrary: changes casing of responses and adds meta property (#30668)
* Influx: Show all datapoints for dynamically windowed flux query (#30688)
* Trace: trace to logs design update (#30637)
* DeployImage: Switch base images to Debian (#30684)
* Chore: remove CSP debug logging line (#30689)
* Docs: 7.4 documentation for expressions (#30524)
* PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
* Grafana-UI: Fix setting default value for MultiSelect (#30671)
* CustomScrollbar: migrated styles from sass to emotion (#30506)
* DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
* Explore: Fix jumpy live tailing (#30650)
* ci(npm-publish): add missing github package token to env vars (#30665)
* PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
* AlertingNG: pause/unpause definitions via the API (#30627)
* Docs: Refer to product docs in whats new for alerting templating feature (#30652)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
* Variables: Fixes display value when using capture groups in regex (#30636)
* Docs: Update _index.md (#30655)
* Docs: Auditing updates (#30433)
* Docs: add hidden_users configuration field (#30435)
* Docs: Define TLS/SSL terminology (#30533)
* Docs: Fix expressions enabled description (#30589)
* Docs: Update ES screenshots (#30598)
* Licensing Docs: Adding license restrictions docs (#30216)
* Update documentation-style-guide.md (#30611)
* Docs: Update queries.md (#30616)
* chore(grafana-ui): bump storybook to 6.1.15 (#30642)
* DashboardSettings: fixes vertical scrolling (#30640)
* Usage Stats: Remove unused method for getting user stats (#30074)
* Grafana/UI: Unit picker should not set a category as unit (#30638)
* Graph: Fixes auto decimals issue in legend and tooltip (#30628)
* AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
* chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
* Grafana/UI: Add disable prop to Segment (#30539)
* Variables: Fixes so queries work for numbers values too (#30602)
* Admin: Fixes so form values are filled in from backend (#30544)
* Docs: Add new override info and add whats new 7.4 links (#30615)
* TestData: Improve what's new in v7.4 (#30612)
* Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
* NodeGraph: Add docs (#30504)
* Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
* TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
* Update styling.md guide (#30594)
* TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
* Chore(deps): Bump github.com/prometheus/client_golang (#30585)
* Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
* Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
* Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
* RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
* Add documentation for Exemplars (#30317)
* OldGraph: Fix height issue in Firefox (#30565)
* XY Chart: fix editor error with empty frame (no fields) (#30573)
* ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
* XY Chart: share legend config with timeseries (#30559)
* configuration.md: Document Content Security Policy options (#30413)
* DataFrame: cache frame/field index in field state (#30529)
* List + before -; rm old Git ref; reformat. (#30543)
* Expressions: Add option to disable feature (#30541)
* Explore: Fix loading visualisation on the top of the new time series panel (#30553)
* Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
* Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
* Postgres: Convert tests to stdlib (#30536)
* Storybook: Migrate card story to use controls (#30535)
* AlertingNG: Enable UI to Save Alert Definitions (#30394)
* Postgres: Be consistent about TLS/SSL terminology (#30532)
* Loki: Append refId to logs uid (#30418)
* Postgres: Fix indentation (#30531)
* GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
* updates for e2e docker image (#30465)
* GraphNG: uPlot 1.6.2 (#30521)
* Docs: Update whats-new-in-v7-4.md (#30520)
* Prettier: ignore build and devenv dirs (#30501)
* Chore: Upgrade grabpl version (#30486)
* Explore: Update styling of buttons (#30493)
* Cloud Monitoring: Fix legend naming with display name override (#30440)
* GraphNG: Disable Plot logging by default (#30390)
* Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
* Docs: include Makefile option for local assets (#30455)
* Footer: Fixes layout issue in footer (#30443)
* TimeSeriesPanel: Fixed default value for gradientMode (#30484)
* Docs: fix typo in what's new doc (#30489)
* Chore: adds wait to e2e test (#30488)
* chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
* Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
* Chore: fix spelling mistake (#30473)
* Chore: Restrict internal imports from other packages (#30453)
* Docs: What's new fixes and improvements (#30469)
* Timeseries: only migrage point size when configured (#30461)
* Alerting: Hides threshold handle for percentual thresholds (#30431)
* Graph: Fixes so only users with correct permissions can add annotations (#30419)
* Chore: update latest version to 7.4.0-beta1 (#30452)
* Docs: Add whats new 7.4 links (#30463)
* Update whats-new-in-v7-4.md (#30460)
* docs: 7.4 what's new (Add expressions note) (#30446)
* Chore: Upgrade build pipeline tool (#30456)
* PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
* Expressions: Fix button icon (#30444)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
* Docs: Fix img link for alert notification template (#30436)
* grafana/ui: Fix internal import from grafana/data (#30439)
* prevent field config from being overwritten (#30437)
* Refactoring applying panel and field options out of PanelModel and add property clean up for properties not
in field config registry
* Dashboard: Remove template variables option from ShareModal (#30395)
* Added doc content for variables inspector code change by Hugo (#30408)
* Docs: update license expiration behavior for reporting (#30420)
* Chore: use old version format in package.json (#30430)
* Chore: upgrade NPM security vulnerabilities (#30397)
* 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)
* contribute: Add backend and configuration guidelines for PRs (#30426)
* Chore: Update what's new URL (#30424)
- Update to version 7.4.5
* Security: Fix API permissions issues related to team-sync CVE-2021-28146, CVE-2021-28147.
* Security: Usage insights requires signed in users CVE-2021-28148.
* Security: Do not allow editors to incorrectly bypass permissions on the default data source. CVE-2021-27962.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- No visible impact for the user
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
Patchnames
SUSE-2021-2673,SUSE-SLE-Manager-Tools-12-2021-2673
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\ngolang-github-prometheus-prometheus:\n\n- Provide and reload firewalld configuration only for:\n + openSUSE Leap 15.0, 15.1, 15.2\n + SUSE SUSE Linux Enterprise 15, SP1, SP2\n- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)\n\n - SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)\n + Features:\n * Promtool: Retroactive rule evaluation functionality.\n * Configuration: Environment variable expansion for external labels. \n Behind '--enable-feature=expand-external-labels' flag.\n * TSDB: Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the \n blocks for small Prometheus instances.\n * UI: Add a dark theme.\n * AWS Lightsail Discovery: Add AWS Lightsail Discovery.\n * Docker Discovery: Add Docker Service Discovery.\n * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.\n * Remote Write: Send exemplars via remote write. Experimental and disabled by default.\n + Enhancements:\n * Digital Ocean Discovery: Add __meta_digitalocean_vpc label.\n * Scaleway Discovery: Read Scaleway secret from a file.\n * Scrape: Add configurable limits for label size and count.\n * UI: Add 16w and 26w time range steps.\n * Templating: Enable parsing strings in humanize functions.\n + Bugfixes:\n * UI: Provide errors instead of blank page on TSDB Status Page.\n * TSDB: Do not panic when writing very large records to the WAL.\n * TSDB: Avoid panic when mmaped memory is referenced after the file is closed.\n * Scaleway Discovery: Fix nil pointer dereference.\n * Consul Discovery: Restart no longer required after config update with no targets.\n- Update package with changes from `server:monitoring` (bsc#1175478)\n Left out removal of firewalld related configuration files as SLE-15-SP1's `firewalld` package does not contain \n prometheus configuration yet.\n\ngrafana:\n\n- Update to version 7.5.7:\n * Updated relref to 'Configuring exemplars' section\n * Added exemplar topic\n * Quota: Do not count folders towards dashboard quota\n * Instructions to separate emails with semicolons\n * Docs: Remove documentation of v8 generic OAuth feature\n * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned \n * Add missing '--no-cache' to Dockerfile.\n * ReleaseNotes: Updated changelog and release notes for 7.5.6\n * Stop hoisting @icons/material\n * Chore: fix react-color version in yarn.lock.\n * 'Release: Updated versions in package to 7.5.6'\n * Loki: fix label browser crashing when + typed\n * Document `hide_version` flag\n * Add isolation level db configuration parameter\n * Sanitize PromLink button\n * Docs feedback: '/administration/provisioning.md'\n * Docs: delete from high availability docs references to removed configurations related to session storage\n * Docs: Update '_index.md'\n * Docs: Update 'installation.md'\n * GraphNG: uPlot 1.6.9\n * dont consider invalid email address a failed email\n * InfluxDB: Improve measurement-autocomplete behavior in query editor \n * add template for dashboard url parameters\n * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model\n * Update 'team.md' \n * Removed duplicate file 'dashboard_folder_permissions.md' \n * Document 'customQueryParameters' for prometheus datasource provisioning\n * ReleaseNotes: Updated changelog and release notes for 7.5.5\n * Documentation: Update 'developer-guide.md'\n * add closed parenthesis to fix a hyperlink\n * GraphNG: Fix exemplars window position\n * Remove field limitation from slack notification\n * Prometheus: Support POST in template variables\n * Instrumentation: Add success rate metrics for email notifications\n * Use either moment objects (for absolute times in the datepicker) or string (for relative time)\n * Docs: Removed type from find annotations example.\n * FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters \n to prometheus\n * Updated label for add panel.\n * Bug: Add git to ''Dockerfile.ubuntu'\n * Docs: Sync latest master docs with 7.5.x\n * Docs: Update ''getting-started-influxdb.md'\n * Doc: Document the X-Grafana-Org-Id HTTP header\n * Minor Changes in ''Auditing.md'\n * Docs: Add license check endpoint doc\n * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second\n * Docs: InfluxDB doc improvements\n * Loki: Pass Skip TLS Verify setting to alert queries\n * update cla\n * Fix inefficient regular expression\n * Auth: Don't clear auth token cookie when lookup token fails\n * Elasticsearch: Add documentation for supported Elasticsearch query transformations\n * Fixed some formatting issues for PRs from yesterday.\n * Explore: Load default data source in Explore when the provided source does not exist\n * Docs: Replace next with latest in aliases\n * Added missing link item.\n * Docs: Backport 32916 to v7.5x\n * ReleaseNotes: Updated changelog and release notes for 7.5.4\n * Elasticsearch: Force re-rendering of each editor row type change\n * Docs: Sync release branch with latest docs\n - Update to version 7.5.4:\n * 'Release: Updated versions in package to 7.5.4' (#32971)\n * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)\n * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)\n * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)\n * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)\n * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)\n * GraphNG: uPlot 1.6.8 (#32859) (#32863)\n * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)\n * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)\n * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)\n * TablePanel: Makes sorting case-insensitive (#32435) (#32752)\n- Update to version 7.5.3:\n * 'Release: Updated versions in package to 7.5.3' (#32745)\n * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)\n * Loki: Remove empty annotations tags (#32359) (#32490)\n * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)\n * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)\n * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)\n * Variables: Confirms selection before opening new picker (#32586) (#32710)\n * CloudWarch: Fix service quotas link (#32686) (#32689)\n * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)\n * chore: bump execa to v2.1.0 (#32543) (#32592)\n * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)\n * Fix broken gtime tests (#32582) (#32587)\n * resolve conflicts (#32567)\n * gtime: Make ParseInterval deterministic (#32539) (#32560)\n * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)\n * TextboxVariable: Limits the length of the preview value (#32472) (#32530)\n * AdHocVariable: Adds default data source (#32470) (#32476)\n * Variables: Fixes Unsupported data format error for null values (#32480) (#32487)\n * Prometheus: align exemplars check to latest api change (#32513) (#32515)\n * 'Release: Updated versions in package to 7.5.2' (#32502)\n * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)\n * Set spanNulls to default (#32471) (#32486)\n * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)\n * API: Return 409 on datasource version conflict (#32425) (#32433)\n * API: Return 400 on invalid Annotation requests (#32429) (#32431)\n * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)\n * Table: Fixes so links work for image cells (#32370) (#32410)\n * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)\n * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)\n * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)\n * 'Release: Updated versions in package to 7.5.1' (#32362)\n * MSSQL: Upgrade go-mssqldb (#32347) (#32361)\n * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)\n * 'Release: Updated versions in package to 7.5.0' (#32308)\n * Loki: Fix text search in Label browser (#32293) (#32306)\n * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)\n * PieChartV2: Add migration from old piechart (#32259) (#32291)\n * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)\n * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)\n * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)\n * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)\n * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)\n * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)\n * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)\n * Logs: If log message missing, use empty string (#32080) (#32243)\n * CloudWatch: Use latest version of aws sdk (#32217) (#32223)\n * Release: Updated versions in package to 7.5.0-beta.2 (#32158)\n * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)\n * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)\n * Fix loading timezone info on windows (#32029) (#32149)\n * SQLStore: Close session in withDbSession (#31775) (#32108)\n * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes.\n * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)\n * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)\n * Backport 32005 to v7.5.x #32128 (#32130)\n * Loki: Label browser UI updates (#31737) (#32119)\n * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)\n * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)\n * LibraryPanels: Improves the Get All experience (#32028) (#32093)\n * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)\n * Exemplars: always query exemplars (#31673) (#32024)\n * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)\n * Chore: Collect elasticsearch version usage stats (#31787) (#32063)\n * Chore: Tidy up Go deps (#32053)\n * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)\n * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)\n * [v7.5.x] Auth: Allow soft token revocation (#32037)\n * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)\n * Make master green (#32011) (#32015)\n * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)\n * Variables: Fixes filtering in picker with null items (#31979) (#31995)\n * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)\n * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)\n * Loki: Fix type errors in language_provider (#31902) (#31945)\n * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)\n * Cloudwatch: use shared library for aws auth (#29550) (#31946)\n * Tooltip: partial perf improvement (#31774) (#31837) (#31957)\n * Backport 31913 to v7.5.x (#31955)\n * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)\n * Variables: Do not reset description on variable type change (#31933) (#31939)\n * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)\n * Elasticseach: Support histogram fields (#29079) (#31914)\n * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)\n * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)\n * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)\n * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)\n * Run go mod tidy to update go.mod and go.sum (#31859)\n * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)\n * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)\n * Cloudwatch: ListMetrics API page limit (#31788) (#31851)\n * Remove invalid attribute (#31848) (#31850)\n * CloudWatch: Restrict auth provider and assume role usage \n * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)\n * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)\n * Variables: Improves inspection performance and unknown filtering (#31811) (#31813)\n * Change piechart plugin state to beta (#31797) (#31798)\n * ReduceTransform: Include series with numeric string names (#31763) (#31794)\n * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)\n * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)\n * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)\n * log skipped, performed and duration for migrations (#31722) (#31754)\n * Search: Make items more compact (#31734) (#31750)\n * loki_datasource: add documentation to label_format and line_format (#31710) (#31746)\n * Tempo: Convert tempo to backend data source2 (#31733)\n * Elasticsearch: Fix script fields in query editor (#31681) (#31727)\n * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)\n * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)\n * Tempo: set authentication header properly (#31699) (#31701)\n * Tempo: convert to backend data source (#31618) (#31695)\n * Update package.json (#31672)\n * Release: Bump version to 7.5.0-beta.1 (#31664)\n * Fix whatsNewUrl version to 7.5 (#31666)\n * Chore: add alias for what's new 7.5 (#31669)\n * Docs: Update doc for PostgreSQL authentication (#31434)\n * Docs: document report template variables (#31637)\n * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)\n * Color: Fixes issue where colors where reset to gray when switch panels (#31611)\n * Live: Use pure WebSocket transport (#31630)\n * Docs: Fix broken image link (#31661)\n * Docs: Add Whats new in 7.5 (#31659)\n * Docs: Fix links for 7.5 (#31658)\n * Update enterprise-configuration.md (#31656)\n * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)\n * Tracing: Small improvements to trace types (#31646)\n * Update _index.md (#31645)\n * AlertingNG: code refactoring (#30787)\n * Remove pkill gpg-agent (#31169)\n * Remove format for plugin routes (#31633)\n * Library Panels: Change unsaved change detection logic (#31477)\n * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)\n * add new metrics and dimensions (#31595)\n * fix devenv dashboard content typo (#31583)\n * DashList: Sort starred and searched dashboard alphabetically (#31605)\n * Docs: Update whats-new-in-v7-4.md (#31612)\n * SSE: Add 'Classic Condition' on backend (#31511)\n * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)\n * Alerting: PagerDuty: adding current state to the payload (#29270)\n * devenv: Fix typo (#31589)\n * Loki: Label browser (#30351)\n * LibraryPanels: No save modal when user is on same dashboard (#31606)\n * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)\n * Update node-graph.md (#31571)\n * test: pass Cypress options objects into selector wrappers (#31567)\n * Loki: Add support for alerting (#31424)\n * Tracing: Specify type of the data frame that is expected for TraceView (#31465)\n * LibraryPanels: Adds version column (#31590)\n * PieChart: Add color changing options to pie chart (#31588)\n * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)\n * Bring back correct legend sizing afer PlotLegend refactor (#31582)\n * Alerting: Fix bug in Discord for when name for metric value is absent (#31257)\n * LibraryPanels: Deletes library panels during folder deletion (#31572)\n * chore: bump lodash to 4.17.21 (#31549)\n * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus \n in explore\n * TestData: Fixes never ending annotations scenario (#31573)\n * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)\n * propagate plugin unavailable message to UI (#31560)\n * ConfirmButton: updates story from knobs to controls (#31476)\n * Loki: Refactor line limit to use grafana/ui component (#31509)\n * LibraryPanels: Adds folder checks and permissions (#31473)\n * Add guide on custom option editors (#31254)\n * PieChart: Update text color and minor changes (#31546)\n * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)\n * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)\n * PieChart: Improve piechart legend and options (#31446)\n * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)\n * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)\n * Add multiselect options ui (#31501)\n * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)\n * Variables: Fixes error with: cannot read property length of undefined (#31458)\n * Explore: Show ANSI colored logs in logs context (#31510)\n * LogsPanel: Show all received logs (#31505)\n * AddPanel: Design polish (#31484)\n * TimeSeriesPanel: Remove unnecessary margin from legend (#31467)\n * influxdb: flux: handle is-hidden (#31324)\n * Graph: Fix tooltip not showing when close to the edge of viewport (#31493)\n * FolderPicker: Remove useNewForms from FolderPicker (#31485)\n * Add reportVariables feature toggle (#31469)\n * Grafana datasource: support multiple targets (#31495)\n * Update license-restrictions.md (#31488)\n * Docs: Derived fields links in logs detail view (#31482)\n * Docs: Add new data source links to Enterprise page (#31480)\n * Convert annotations to dataframes (#31400)\n * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)\n * GrafanaUI: Fixes typescript error for missing css prop (#31479)\n * Login: handle custom token creation error messages (#31283)\n * Library Panels: Don't list current panel in available panels list (#31472)\n * DashboardSettings: Migrate Link Settings to React (#31150)\n * Frontend changes for library panels feature (#30653)\n * Alerting notifier SensuGo: improvements in default message (#31428)\n * AppPlugins: Options to disable showing config page in nav (#31354)\n * add aws config (#31464)\n * Heatmap: Fix missing/wrong value in heatmap legend (#31430)\n * Chore: Fixes small typos (#31461)\n * Graphite/SSE: update graphite to work with server side expressions (#31455)\n * update the lastest version to 7.4.3 (#31457)\n * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)\n * AWS: Add aws plugin configuration (#31312)\n * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)\n * Remove UserSyncInfo.tsx (#31450)\n * Elasticsearch: Add word highlighting to search results (#30293)\n * Chore: Fix eslint react hook warnings in grafana-ui (#31092)\n * CloudWatch: Make it possible to specify custom api endpoint (#31402)\n * Chore: fixed incorrect naming for disable settings (#31448)\n * TraceViewer: Fix show log marker in spanbar (#30742)\n * LibraryPanels: Adds permissions to getAllHandler (#31416)\n * NamedColorsPalette: updates story from knobs to controls (#31443)\n * 'Release: Updated versions in package to 7.4.3' (#31444)\n * ColorPicker: updates story from knobs to controls (#31429)\n * Fixes an issue with time series panel and streaming data source when scrolling back from being out of view\n * ClipboardButton: updates story from knobs to controls (#31422)\n * we should never log unhashed tokens (#31432)\n * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)\n * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)\n * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)\n * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)\n * TraceViewer: Fix trace to logs icon to show in right pane (#31414)\n * add hg team as migrations code owners (#31420)\n * Remove tidy-check script (#31423)\n * InfluxDB: handle columns named 'table' (#30985)\n * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)\n * Devenv: Add gdev-influxdb2 data source (#31250)\n * Update grabpl from 0.5.38 to 0.5.42 version (#31419)\n * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)\n * remove squadcast details from docs (#31413)\n * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)\n * Logging: add frontend logging helpers to @grafana/runtime package (#30482)\n * CallToActionCard: updates story from knobs to controls (#31393)\n * Add eu-south-1 cloudwatch region, closes #31197 (#31198)\n * Chore: Upgrade eslint packages (#31408)\n * Cascader: updates story from knobs to controls (#31399)\n * addressed issues 28763 and 30314. (#31404)\n * Added section Query a time series database by id (#31337)\n * Prometheus: Change default httpMethod for new instances to POST (#31292)\n * Data source list: Use Card component (#31326)\n * Chore: Remove gotest.tools dependency (#31391)\n * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)\n * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)\n * AdHocVariables: Fixes crash when values are stored as numbers (#31382)\n * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)\n * Chore: Fix strict errors, down to 416 (#31365)\n * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)\n * StoryBook: Introduces Grafana Controls (#31351)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)\n * Theming: Support for runtime theme switching and hooks for custom themes (#31301)\n * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)\n * Zipkin: Show success on test data source (#30829)\n * Update grot template (needs more info) (#31350)\n * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)\n * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)\n * Grafana/UI: Add basic legend to the PieChart (#31278)\n * SAML: single logout only enabled in enterprise (#31325)\n * QueryEditor: handle query.hide changes in angular based query-editors (#31336)\n * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)\n * LibraryPanels: Syncs panel title with name (#31311)\n * Chore: Upgrade golangci-lint (#31330)\n * Add info to docs about concurrent session limits (#31333)\n * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)\n * BarGuage: updates story from knobs to controls (#31223)\n * Docs: Clarifies how to add Key/Value pairs (#31303)\n * Usagestats: Exclude folders from total dashboard count (#31320)\n * ButtonCascader: updates story from knobs to controls (#31288)\n * test: allow check for Table as well as Graph for Explore e2e flow (#31290)\n * Grafana-UI: Update tooltip type (#31310)\n * fix 7.4.2 release note (#31299)\n * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)\n * Chore: reduce strict errors for variables (#31241)\n * update latest release version (#31296)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)\n * Correct name of Discord notifier tests (#31277)\n * Docs: Clarifies custom date formats for variables (#31271)\n * BigValue: updates story from knobs to controls (#31240)\n * Docs: Annotations update (#31194)\n * Introduce functions for interacting with library panels API (#30993)\n * Search: display sort metadata (#31167)\n * Folders: Editors should be able to edit name and delete folders (#31242)\n * Make Datetime local (No date if today) working (#31274)\n * UsageStats: Purpose named variables (#31264)\n * Snapshots: Disallow anonymous user to create snapshots (#31263)\n * only update usagestats every 30min (#31131)\n * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)\n * Grafana-UI: Add id to Select to make it easier to test (#31230)\n * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)\n * UI/Card: Fix handling of 'onClick' callback (#31225)\n * Loki: Add line limit for annotations (#31183)\n * Remove deprecated and breaking loki config field (#31227)\n * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)\n * LibraryPanels: Disconnect before connect during dashboard save (#31235)\n * Disable Change Password for OAuth users (#27886)\n * TagsInput: Design update and component refactor (#31163)\n * Variables: Adds back default option for data source variable (#31208)\n * IPv6: Support host address configured with enclosing square brackets (#31226)\n * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)\n * GraphNG: refactor core to class component (#30941)\n * Remove last synchronisation field from LDAP debug view (#30984)\n * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)\n * Graph: Make axes unit option work even when field option unit is set (#31205)\n * AlertingNG: Test definition (#30886)\n * Docs: Update Influx config options (#31146)\n * WIP: Skip this call when we skip migrations (#31216)\n * use 0.1.0 (#31215)\n * DataSourceSrv: Filter out non queryable data sources by default (#31144)\n * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)\n * Chore: report eslint no-explicit-any errors to metrics (#31182)\n * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)\n * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)\n * Alerting: Fix modal text for deleting obsolete notifier (#31171)\n * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)\n * Variables: Fixes missing empty elements from regex filters (#31156)\n * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)\n * Fixed the typo. (#31189)\n * Docs: Rewrite preferences docs (#31154)\n * Explore/Refactor: Simplify URL handling (#29173)\n * DashboardLinks: Fixes links always cause full page reload (#31178)\n * Replace PR with Commit truncated hash when build fails (#31177)\n * Alert: update story to use controls (#31145)\n * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)\n * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)\n * Update prometheus.md (#31173)\n * Variables: Extend option pickers to accept custom onChange callback (#30913)\n * Prometheus: Multiply exemplars timestamp to follow api change (#31143)\n * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)\n * Add author name and pr number in drone pipeline notifications (#31124)\n * Prometheus: Add documentation for ad-hoc filters (#31122)\n * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)\n * Sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down\n * Chore: Update latest.json (#31139)\n * Docs: add 7.4.1 relese notes link (#31137)\n * PieChart: Progress on new core pie chart (#28020)\n * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)\n * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)\n * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before\n * MuxWriter: Handle error for already closed file (#31119)\n * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)\n * Search: add sort information in dashboard results (#30609)\n * area/grafana/e2e: ginstall should pull version specified (#31056)\n * Exemplars: Change CTA style (#30880)\n * Influx: Make max series limit configurable and show the limiting message if applied (#31025)\n * Docs: request security (#30937)\n * update configurePanel for 7.4.0 changes (#31093)\n * Elasticsearch: fix log row context erroring out (#31088)\n * Prometheus: Fix issues with ad-hoc filters (#30931)\n * LogsPanel: Add deduplication option for logs (#31019)\n * Drone: Make sure CDN upload is ok before pushing docker images (#31075)\n * PluginManager: Remove some global state (#31081)\n * test: update addDashboard flow for v7.4.0 changes (#31059)\n * Transformations: Fixed typo in FilterByValue transformer description. (#31078)\n * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)\n * Usage stats: Adds source/distributor setting (#31039)\n * CDN: Add CDN upload step to enterprise and release pipelines (#31058)\n * Chore: Replace native select with grafana ui select (#31030)\n * Docs: Update json-model.md (#31066)\n * Docs: Update whats-new-in-v7-4.md (#31069)\n * Added hyperlinks to Graphite documentation (#31064)\n * DashboardSettings: Update to new form styles (#31022)\n * CDN: Fixing drone CI config (#31052)\n * convert path to posix by default (#31045)\n * DashboardLinks: Fixes crash when link has no title (#31008)\n * Alerting: Fixes so notification channels are properly deleted (#31040)\n * Explore: Remove emotion error when displaying logs (#31026)\n * Elasticsearch: Fix alias field value not being shown in query editor (#30992)\n * CDN: Adds uppload to CDN step to drone CI (#30879)\n * Improved glossary (#31004)\n * BarGauge: Improvements to value sizing and table inner width calculations (#30990)\n * Drone: Fix deployment image (#31027)\n * ColorPicker: migrated styles from sass to emotion (#30909)\n * Dashboard: Migrate general settings to react (#30914)\n * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)\n * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)\n * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)\n * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)\n * Graph: Fixes so graph is shown for non numeric time values (#30972)\n * CloudMonitoring: Prevent resource type variable function from crashing (#30901)\n * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)\n * Build: Releases e2e and e2e-selectors too (#31006)\n * TextPanel: Fixes so panel title is updated when variables change (#30884)\n * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)\n * instrumentation: make the first database histogram bucket smaller (#30995)\n * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt (#30988)\n * StatPanel: Fixes issue formatting date values using unit option (#30979)\n * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)\n * Units: Fixes formatting of duration units (#30982)\n * Elasticsearch: Show Size setting for raw_data metric (#30980)\n * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)\n * make sure service and slo display name is passed to segment comp (#30900)\n * assign changes in cloud datasources to the new cloud datasources team (#30645)\n * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)\n * Theme: Use higher order theme color variables rather then is light/dark logic (#30939)\n * Docs: Add alias for what's new in 7.4 (#30945)\n * e2e: extends selector factory to plugins (#30932)\n * Chore: Upgrade docker build image (#30820)\n * Docs: updated developer guide (#29978)\n * Alerts: Update Alert storybook to show more states (#30908)\n * Variables: Adds queryparam formatting option (#30858)\n * Chore: pad unknown values with undefined (#30808)\n * Transformers: add search to transform selection (#30854)\n * Exemplars: change api to reflect latest changes (#30910)\n * docs: use selinux relabelling on docker containers (#27685)\n * Docs: Fix bad image path for alert notification template (#30911)\n * Make value mappings correctly interpret numeric-like strings (#30893)\n * Chore: Update latest.json (#30905)\n * Docs: Update whats-new-in-v7-4.md (#30882)\n * Dashboard: Ignore changes to dashboard when the user session expires (#30897)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)\n * test: add support for timeout to be passed in for addDatasource (#30736)\n * increase page size and make sure the cache supports query params (#30892)\n * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)\n * OAuth: custom username docs (#28400)\n * Panels: Remove value mapping of values that have been formatted #26763 (#30868)\n * Alerting: Fixes alert panel header icon not showing (#30840)\n * AlertingNG: Edit Alert Definition (#30676)\n * Logging: sourcemap support for frontend stacktraces (#30590)\n * Added 'Restart Grafana' topic. (#30844)\n * Docs: Org, Team, and User Admin (#30756)\n * bump grabpl version to 0.5.36 (#30874)\n * Plugins: Requests validator (#30445)\n * Docs: Update whats-new-in-v7-4.md (#30876)\n * Docs: Add server view folder (#30849)\n * Fixed image name and path (#30871)\n * Grafana-ui: fixes closing modals with escape key (#30745)\n * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)\n * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)\n * Chart/Tooltip: refactored style declaration (#30824)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)\n * Grafana-ui: fixes no data message in Table component (#30821)\n * grafana/ui: Update pagination component for large number of pages (#30151)\n * Alerting: Customise OK notification priorities for Pushover notifier (#30169)\n * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)\n * Chore: Remove panelTime.html, closes #30097 (#30842)\n * Docs: Time series panel, bar alignment docs (#30780)\n * Chore: add more docs annotations (#30847)\n * Transforms: allow boolean in field calculations (#30802)\n * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)\n * Update prometheus.md with image link fix (#30833)\n * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)\n * Update license-expiration.md (#30839)\n * Explore rewrite (#30804)\n * Prometheus: Set type of labels to string (#30831)\n * GrafanaUI: Add a way to persistently close InfoBox (#30716)\n * Fix typo in transformer registry (#30712)\n * Elasticsearch: Display errors with text responses (#30122)\n * CDN: Fixes cdn path when Grafana is under sub path (#30822)\n * TraceViewer: Fix lazy loading (#30700)\n * FormField: migrated sass styling to emotion (#30392)\n * AlertingNG: change API permissions (#30781)\n * Variables: Clears drop down state when leaving dashboard (#30810)\n * Grafana-UI: Add story/docs for ErrorBoundary (#30304)\n * Add missing callback dependency (#30797)\n * PanelLibrary: Adds library panel meta information to dashboard json (#30770)\n * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)\n * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)\n * GraphNG: improve behavior when switching between solid/dash/dots (#30796)\n * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)\n * Add width for Variable Editors (#30791)\n * Chore: Remove warning when calling resource (#30752)\n * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)\n * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)\n * GraphNG: add bar alignment option (#30499)\n * Expressions: Measure total transformation requests and elapsed time (#30514)\n * Menu: Mark menu components as internal (#30740)\n * TableInputCSV: migrated styles from sass to emotion (#30554)\n * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)\n * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)\n * CDN: Adds support for serving assets over a CDN (#30691)\n * PanelEdit: Trigger refresh when changing data source (#30744)\n * Chore: remove __debug_bin (#30725)\n * BarChart: add alpha bar chart panel (#30323)\n * Docs: Time series panel (#30690)\n * Backend Plugins: Convert test data source to use SDK contracts (#29916)\n * Docs: Update whats-new-in-v7-4.md (#30747)\n * Add link to Elasticsearch docs. (#30748)\n * Mobile: Fixes issue scrolling on mobile in chrome (#30746)\n * TagsInput: Make placeholder configurable (#30718)\n * Docs: Add config settings for fonts in reporting (#30421)\n * Add menu.yaml to .gitignore (#30743)\n * bump cypress to 6.3.0 (#30644)\n * Datasource: Use json-iterator configuration compatible with standard library (#30732)\n * AlertingNG: Update UX to use new PageToolbar component (#30680)\n * Docs: Add usage insights export feature (#30376)\n * skip symlinks to directories when generating plugin manifest (#30721)\n * PluginCiE2E: Upgrade base images (#30696)\n * Variables: Fixes so text format will show All instead of custom all (#30730)\n * PanelLibrary: better handling of deleted panels (#30709)\n * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)\n * Added 'curated dashboards' information and broke down, rearranged topics. (#30659)\n * Transform: improve the 'outer join' performance/behavior (#30407)\n * Add alt text to plugin logos (#30710)\n * Deleted menu.yaml file (#30717)\n * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)\n * Added entry for web server. (#30715)\n * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)\n * Use connected GraphNG in Explore (#30707)\n * Fix documentation for streaming data sources (#30704)\n * PanelLibrary: changes casing of responses and adds meta property (#30668)\n * Influx: Show all datapoints for dynamically windowed flux query (#30688)\n * Trace: trace to logs design update (#30637)\n * DeployImage: Switch base images to Debian (#30684)\n * Chore: remove CSP debug logging line (#30689)\n * Docs: 7.4 documentation for expressions (#30524)\n * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)\n * Grafana-UI: Fix setting default value for MultiSelect (#30671)\n * CustomScrollbar: migrated styles from sass to emotion (#30506)\n * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)\n * Explore: Fix jumpy live tailing (#30650)\n * ci(npm-publish): add missing github package token to env vars (#30665)\n * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)\n * AlertingNG: pause/unpause definitions via the API (#30627)\n * Docs: Refer to product docs in whats new for alerting templating feature (#30652)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)\n * Variables: Fixes display value when using capture groups in regex (#30636)\n * Docs: Update _index.md (#30655)\n * Docs: Auditing updates (#30433)\n * Docs: add hidden_users configuration field (#30435)\n * Docs: Define TLS/SSL terminology (#30533)\n * Docs: Fix expressions enabled description (#30589)\n * Docs: Update ES screenshots (#30598)\n * Licensing Docs: Adding license restrictions docs (#30216)\n * Update documentation-style-guide.md (#30611)\n * Docs: Update queries.md (#30616)\n * chore(grafana-ui): bump storybook to 6.1.15 (#30642)\n * DashboardSettings: fixes vertical scrolling (#30640)\n * Usage Stats: Remove unused method for getting user stats (#30074)\n * Grafana/UI: Unit picker should not set a category as unit (#30638)\n * Graph: Fixes auto decimals issue in legend and tooltip (#30628)\n * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)\n * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)\n * Grafana/UI: Add disable prop to Segment (#30539)\n * Variables: Fixes so queries work for numbers values too (#30602)\n * Admin: Fixes so form values are filled in from backend (#30544)\n * Docs: Add new override info and add whats new 7.4 links (#30615)\n * TestData: Improve what's new in v7.4 (#30612)\n * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)\n * NodeGraph: Add docs (#30504)\n * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)\n * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)\n * Update styling.md guide (#30594)\n * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)\n * Chore(deps): Bump github.com/prometheus/client_golang (#30585)\n * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)\n * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)\n * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)\n * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)\n * Add documentation for Exemplars (#30317)\n * OldGraph: Fix height issue in Firefox (#30565)\n * XY Chart: fix editor error with empty frame (no fields) (#30573)\n * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)\n * XY Chart: share legend config with timeseries (#30559)\n * configuration.md: Document Content Security Policy options (#30413)\n * DataFrame: cache frame/field index in field state (#30529)\n * List + before -; rm old Git ref; reformat. (#30543)\n * Expressions: Add option to disable feature (#30541)\n * Explore: Fix loading visualisation on the top of the new time series panel (#30553)\n * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)\n * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)\n * Postgres: Convert tests to stdlib (#30536)\n * Storybook: Migrate card story to use controls (#30535)\n * AlertingNG: Enable UI to Save Alert Definitions (#30394)\n * Postgres: Be consistent about TLS/SSL terminology (#30532)\n * Loki: Append refId to logs uid (#30418)\n * Postgres: Fix indentation (#30531)\n * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)\n * updates for e2e docker image (#30465)\n * GraphNG: uPlot 1.6.2 (#30521)\n * Docs: Update whats-new-in-v7-4.md (#30520)\n * Prettier: ignore build and devenv dirs (#30501)\n * Chore: Upgrade grabpl version (#30486)\n * Explore: Update styling of buttons (#30493)\n * Cloud Monitoring: Fix legend naming with display name override (#30440)\n * GraphNG: Disable Plot logging by default (#30390)\n * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)\n * Docs: include Makefile option for local assets (#30455)\n * Footer: Fixes layout issue in footer (#30443)\n * TimeSeriesPanel: Fixed default value for gradientMode (#30484)\n * Docs: fix typo in what's new doc (#30489)\n * Chore: adds wait to e2e test (#30488)\n * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)\n * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)\n * Chore: fix spelling mistake (#30473)\n * Chore: Restrict internal imports from other packages (#30453)\n * Docs: What's new fixes and improvements (#30469)\n * Timeseries: only migrage point size when configured (#30461)\n * Alerting: Hides threshold handle for percentual thresholds (#30431)\n * Graph: Fixes so only users with correct permissions can add annotations (#30419)\n * Chore: update latest version to 7.4.0-beta1 (#30452)\n * Docs: Add whats new 7.4 links (#30463)\n * Update whats-new-in-v7-4.md (#30460)\n * docs: 7.4 what's new (Add expressions note) (#30446)\n * Chore: Upgrade build pipeline tool (#30456)\n * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)\n * Expressions: Fix button icon (#30444)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)\n * Docs: Fix img link for alert notification template (#30436)\n * grafana/ui: Fix internal import from grafana/data (#30439)\n * prevent field config from being overwritten (#30437)\n * Refactoring applying panel and field options out of PanelModel and add property clean up for properties not \n in field config registry\n * Dashboard: Remove template variables option from ShareModal (#30395)\n * Added doc content for variables inspector code change by Hugo (#30408)\n * Docs: update license expiration behavior for reporting (#30420)\n * Chore: use old version format in package.json (#30430)\n * Chore: upgrade NPM security vulnerabilities (#30397)\n * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)\n * contribute: Add backend and configuration guidelines for PRs (#30426)\n * Chore: Update what's new URL (#30424)\n- Update to version 7.4.5\n * Security: Fix API permissions issues related to team-sync CVE-2021-28146, CVE-2021-28147.\n * Security: Usage insights requires signed in users CVE-2021-28148.\n * Security: Do not allow editors to incorrectly bypass permissions on the default data source. CVE-2021-27962.\n\nmgr-cfg:\n\n- No visible impact for the user\n\nmgr-custom-info:\n\n- No visible impact for the user\n\nmgr-osad:\n\n- No visible impact for the user\n\nmgr-push:\n\n- No visible impact for the user\n\nmgr-virtualization:\n\n- No visible impact for the user\n\nrhnlib:\n\n- No visible impact for the user\n\nspacecmd:\n\n- Make spacecmd aware of retracted patches/packages\n- Enhance help for installation types when creating distributions (bsc#1186581)\n- Parse empty argument when nothing in between the separator\n\nspacewalk-client-tools:\n\n- Update translation strings\n\nspacewalk-koan:\n\n- No visible impact for the user\n\nspacewalk-oscap:\n\n- No visible impact for the user\n\nsuseRegisterInfo:\n\n- No visible impact for the user\n\nuyuni-common-libs:\n\n- Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)\n- Maintainer field in debian packages are only recommended (bsc#1186508)\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-2673,SUSE-SLE-Manager-Tools-12-2021-2673", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2673-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:2673-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20212673-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:2673-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009283.html", }, { category: "self", summary: "SUSE Bug 1175478", url: "https://bugzilla.suse.com/1175478", }, { category: "self", summary: "SUSE Bug 1186242", url: "https://bugzilla.suse.com/1186242", }, { category: "self", summary: "SUSE Bug 1186508", url: "https://bugzilla.suse.com/1186508", }, { category: "self", summary: "SUSE Bug 1186581", url: "https://bugzilla.suse.com/1186581", }, { category: "self", summary: "SUSE Bug 1186650", url: "https://bugzilla.suse.com/1186650", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, { category: "self", summary: "SUSE CVE CVE-2021-29622 page", url: "https://www.suse.com/security/cve/CVE-2021-29622/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2021-08-12T10:04:57Z", generator: { date: "2021-08-12T10:04:57Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:2673-1", initial_release_date: "2021-08-12T10:04:57Z", revision_history: [ { date: "2021-08-12T10:04:57Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", product: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", product_id: "golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", }, }, { category: "product_version", name: "grafana-7.5.7-1.21.2.aarch64", product: { name: "grafana-7.5.7-1.21.2.aarch64", product_id: "grafana-7.5.7-1.21.2.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.i586", product: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.i586", product_id: "golang-github-prometheus-prometheus-2.27.1-1.29.2.i586", }, }, { category: "product_version", name: "grafana-7.5.7-1.21.2.i586", product: { name: "grafana-7.5.7-1.21.2.i586", product_id: "grafana-7.5.7-1.21.2.i586", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.i586", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.i586", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "mgr-cfg-4.2.3-1.18.2.noarch", product: { name: "mgr-cfg-4.2.3-1.18.2.noarch", product_id: "mgr-cfg-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "mgr-cfg-actions-4.2.3-1.18.2.noarch", product: { name: "mgr-cfg-actions-4.2.3-1.18.2.noarch", product_id: "mgr-cfg-actions-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "mgr-cfg-client-4.2.3-1.18.2.noarch", product: { name: "mgr-cfg-client-4.2.3-1.18.2.noarch", product_id: "mgr-cfg-client-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "mgr-cfg-management-4.2.3-1.18.2.noarch", product: { name: "mgr-cfg-management-4.2.3-1.18.2.noarch", product_id: "mgr-cfg-management-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "mgr-custom-info-4.2.2-1.12.2.noarch", product: { name: "mgr-custom-info-4.2.2-1.12.2.noarch", product_id: "mgr-custom-info-4.2.2-1.12.2.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.2.6-1.30.2.noarch", product: { name: "mgr-osa-dispatcher-4.2.6-1.30.2.noarch", product_id: "mgr-osa-dispatcher-4.2.6-1.30.2.noarch", }, }, { category: "product_version", name: "mgr-osad-4.2.6-1.30.2.noarch", product: { name: "mgr-osad-4.2.6-1.30.2.noarch", product_id: "mgr-osad-4.2.6-1.30.2.noarch", }, }, { category: "product_version", name: "mgr-push-4.2.3-1.12.2.noarch", product: { name: "mgr-push-4.2.3-1.12.2.noarch", product_id: "mgr-push-4.2.3-1.12.2.noarch", }, }, { category: "product_version", name: "mgr-virtualization-host-4.2.2-1.20.2.noarch", product: { name: "mgr-virtualization-host-4.2.2-1.20.2.noarch", product_id: "mgr-virtualization-host-4.2.2-1.20.2.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-4.2.3-1.18.2.noarch", product: { name: "python2-mgr-cfg-4.2.3-1.18.2.noarch", product_id: "python2-mgr-cfg-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", product: { name: "python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", product_id: "python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-client-4.2.3-1.18.2.noarch", product: { name: "python2-mgr-cfg-client-4.2.3-1.18.2.noarch", product_id: "python2-mgr-cfg-client-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-management-4.2.3-1.18.2.noarch", product: { name: "python2-mgr-cfg-management-4.2.3-1.18.2.noarch", product_id: "python2-mgr-cfg-management-4.2.3-1.18.2.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-common-4.2.6-1.30.2.noarch", product: { name: "python2-mgr-osa-common-4.2.6-1.30.2.noarch", product_id: "python2-mgr-osa-common-4.2.6-1.30.2.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-dispatcher-4.2.6-1.30.2.noarch", product: { name: "python2-mgr-osa-dispatcher-4.2.6-1.30.2.noarch", product_id: "python2-mgr-osa-dispatcher-4.2.6-1.30.2.noarch", }, }, { category: "product_version", name: "python2-mgr-osad-4.2.6-1.30.2.noarch", product: { name: "python2-mgr-osad-4.2.6-1.30.2.noarch", product_id: "python2-mgr-osad-4.2.6-1.30.2.noarch", }, }, { category: "product_version", name: "python2-mgr-push-4.2.3-1.12.2.noarch", product: { name: "python2-mgr-push-4.2.3-1.12.2.noarch", product_id: "python2-mgr-push-4.2.3-1.12.2.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", product: { name: "python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", product_id: "python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", product: { name: "python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", product_id: "python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", }, }, { category: "product_version", name: "python2-rhnlib-4.2.4-21.34.2.noarch", product: { name: "python2-rhnlib-4.2.4-21.34.2.noarch", product_id: "python2-rhnlib-4.2.4-21.34.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-check-4.2.12-52.53.2.noarch", product: { name: "python2-spacewalk-check-4.2.12-52.53.2.noarch", product_id: "python2-spacewalk-check-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", product: { name: "python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", product_id: "python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", product: { name: "python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", product_id: "python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-koan-4.2.4-24.24.2.noarch", product: { name: "python2-spacewalk-koan-4.2.4-24.24.2.noarch", product_id: "python2-spacewalk-koan-4.2.4-24.24.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-oscap-4.2.2-19.18.2.noarch", product: { name: "python2-spacewalk-oscap-4.2.2-19.18.2.noarch", product_id: "python2-spacewalk-oscap-4.2.2-19.18.2.noarch", }, }, { category: "product_version", name: "python2-suseRegisterInfo-4.2.4-25.18.2.noarch", product: { name: "python2-suseRegisterInfo-4.2.4-25.18.2.noarch", product_id: "python2-suseRegisterInfo-4.2.4-25.18.2.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.11-38.85.2.noarch", product: { name: "spacecmd-4.2.11-38.85.2.noarch", product_id: "spacecmd-4.2.11-38.85.2.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.12-52.53.2.noarch", product: { name: "spacewalk-check-4.2.12-52.53.2.noarch", product_id: "spacewalk-check-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.2.12-52.53.2.noarch", product: { name: "spacewalk-client-setup-4.2.12-52.53.2.noarch", product_id: "spacewalk-client-setup-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.12-52.53.2.noarch", product: { name: "spacewalk-client-tools-4.2.12-52.53.2.noarch", product_id: "spacewalk-client-tools-4.2.12-52.53.2.noarch", }, }, { category: "product_version", name: "spacewalk-koan-4.2.4-24.24.2.noarch", product: { name: "spacewalk-koan-4.2.4-24.24.2.noarch", product_id: "spacewalk-koan-4.2.4-24.24.2.noarch", }, }, { category: "product_version", name: "spacewalk-oscap-4.2.2-19.18.2.noarch", product: { name: "spacewalk-oscap-4.2.2-19.18.2.noarch", product_id: "spacewalk-oscap-4.2.2-19.18.2.noarch", }, }, { category: "product_version", name: "suseRegisterInfo-4.2.4-25.18.2.noarch", product: { name: "suseRegisterInfo-4.2.4-25.18.2.noarch", product_id: "suseRegisterInfo-4.2.4-25.18.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", product_id: "golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", }, }, { category: "product_version", name: "grafana-7.5.7-1.21.2.ppc64le", product: { name: "grafana-7.5.7-1.21.2.ppc64le", product_id: "grafana-7.5.7-1.21.2.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.s390", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.s390", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", product: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", product_id: "golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", }, }, { category: "product_version", name: "grafana-7.5.7-1.21.2.s390x", product: { name: "grafana-7.5.7-1.21.2.s390x", product_id: "grafana-7.5.7-1.21.2.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.s390x", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.s390x", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", product: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", product_id: "golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", }, }, { category: "product_version", name: "grafana-7.5.7-1.21.2.x86_64", product: { name: "grafana-7.5.7-1.21.2.x86_64", product_id: "grafana-7.5.7-1.21.2.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 12", product: { name: "SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", }, product_reference: "grafana-7.5.7-1.21.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", }, product_reference: "grafana-7.5.7-1.21.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", }, product_reference: "grafana-7.5.7-1.21.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.21.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", }, product_reference: "grafana-7.5.7-1.21.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", }, product_reference: "mgr-cfg-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-actions-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", }, product_reference: "mgr-cfg-actions-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-client-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", }, product_reference: "mgr-cfg-client-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-management-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", }, product_reference: "mgr-cfg-management-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-custom-info-4.2.2-1.12.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", }, product_reference: "mgr-custom-info-4.2.2-1.12.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-osad-4.2.6-1.30.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", }, product_reference: "mgr-osad-4.2.6-1.30.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.2.3-1.12.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", }, product_reference: "mgr-push-4.2.3-1.12.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-virtualization-host-4.2.2-1.20.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", }, product_reference: "mgr-virtualization-host-4.2.2-1.20.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", }, product_reference: "python2-mgr-cfg-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-actions-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", }, product_reference: "python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-client-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", }, product_reference: "python2-mgr-cfg-client-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-management-4.2.3-1.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", }, product_reference: "python2-mgr-cfg-management-4.2.3-1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osa-common-4.2.6-1.30.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", }, product_reference: "python2-mgr-osa-common-4.2.6-1.30.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osad-4.2.6-1.30.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", }, product_reference: "python2-mgr-osad-4.2.6-1.30.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-push-4.2.3-1.12.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", }, product_reference: "python2-mgr-push-4.2.3-1.12.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-common-4.2.2-1.20.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", }, product_reference: "python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-host-4.2.2-1.20.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", }, product_reference: "python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-rhnlib-4.2.4-21.34.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", }, product_reference: "python2-rhnlib-4.2.4-21.34.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-check-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", }, product_reference: "python2-spacewalk-check-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-setup-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", }, product_reference: "python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-tools-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", }, product_reference: "python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-koan-4.2.4-24.24.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", }, product_reference: "python2-spacewalk-koan-4.2.4-24.24.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-oscap-4.2.2-19.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", }, product_reference: "python2-spacewalk-oscap-4.2.2-19.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-suseRegisterInfo-4.2.4-25.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", }, product_reference: "python2-suseRegisterInfo-4.2.4-25.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.11-38.85.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", }, product_reference: "spacecmd-4.2.11-38.85.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", }, product_reference: "spacewalk-check-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", }, product_reference: "spacewalk-client-setup-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.12-52.53.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", }, product_reference: "spacewalk-client-tools-4.2.12-52.53.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-koan-4.2.4-24.24.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", }, product_reference: "spacewalk-koan-4.2.4-24.24.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-oscap-4.2.2-19.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", }, product_reference: "spacewalk-oscap-4.2.2-19.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "suseRegisterInfo-4.2.4-25.18.2.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", }, product_reference: "suseRegisterInfo-4.2.4-25.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:04:57Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:04:57Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:04:57Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:04:57Z", details: "important", }, ], title: "CVE-2021-28148", }, { cve: "CVE-2021-29622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-29622", }, ], notes: [ { category: "general", text: "Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-29622", url: "https://www.suse.com/security/cve/CVE-2021-29622", }, { category: "external", summary: "SUSE Bug 1186242 for CVE-2021-29622", url: "https://bugzilla.suse.com/1186242", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.27.1-1.29.2.x86_64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.aarch64", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.ppc64le", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.s390x", "SUSE Manager Client Tools 12:grafana-7.5.7-1.21.2.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.2.2-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.2.3-1.18.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.2.6-1.30.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.2.3-1.12.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.2.2-1.20.2.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.2.4-21.34.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.2.4-25.18.2.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.2.5-1.15.2.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.2.11-38.85.2.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.2.12-52.53.2.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.2.4-24.24.2.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.2.2-19.18.2.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.2.4-25.18.2.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:04:57Z", details: "moderate", }, ], title: "CVE-2021-29622", }, ], }
opensuse-su-2021:1148-1
Vulnerability from csaf_opensuse
Published
2021-08-13 11:17
Modified
2021-08-13 11:17
Summary
Security update for grafana
Notes
Title of the patch
Security update for grafana
Description of the patch
This update for grafana fixes the following issues:
- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)
- Update to version 7.5.7:
* Updated relref to 'Configuring exemplars' section (#34240) (#34243)
* Added exemplar topic (#34147) (#34226)
* Quota: Do not count folders towards dashboard quota (#32519) (#34025)
* Instructions to separate emails with semicolons (#32499) (#34138)
* Docs: Remove documentation of v8 generic OAuth feature (#34018)
* Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
* [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
* ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
* Stop hoisting @icons/material (#33922)
* Chore: fix react-color version in yarn.lock (#33914)
* 'Release: Updated versions in package to 7.5.6' (#33909)
* Loki: fix label browser crashing when + typed (#33900) (#33901)
* Document `hide_version` flag (#33670) (#33881)
* Add isolation level db configuration parameter (#33830) (#33878)
* Sanitize PromLink button (#33874) (#33876)
* Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
* Docs feedback: /administration/provisioning.md (#33804) (#33842)
* Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)
* Docs: Update _index.md (#33797) (#33799)
* Docs: Update installation.md (#33656) (#33703)
* GraphNG: uPlot 1.6.9 (#33598) (#33612)
* dont consider invalid email address a failed email (#33671) (#33681)
* InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)
* add template for dashboard url parameters (#33549) (#33588)
* Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)
* Update team.md (#33454) (#33536)
* Removed duplicate file 'dashboard_folder_permissions.md (#33497)
* Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)
* ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)
* Documentation: Update developer-guide.md (#33478) (#33490)
* add closed parenthesis to fix a hyperlink (#33471) (#33481)
- Update to version 7.5.5:
* 'Release: Updated versions in package to 7.5.5' (#33469)
* GraphNG: Fix exemplars window position (#33427) (#33462)
* Remove field limitation from slack notification (#33113) (#33455)
* Prometheus: Support POST in template variables (#33321) (#33441)
* Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)
* Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)
* Docs: Removed type from find annotations example. (#33399) (#33403)
* [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)
* Updated label for add panel. (#33285) (#33286)
* Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
* Docs: Sync latest master docs with 7.5.x (#33156)
* Docs: Update getting-started-influxdb.md (#33234) (#33241)
* Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
* Minor Changes in Auditing.md (#31435) (#33238)
* Docs: Add license check endpoint doc (#32987) (#33236)
* Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)
* Docs: InfluxDB doc improvements (#32815) (#33185)
* [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
* update cla (#33181)
* Fix inefficient regular expression (#33155) (#33159)
* Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)
* Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)
* Update team.md (#33060) (#33084)
* GE issue 1268 (#33049) (#33081)
* Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
* Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)
* Docs: Replace next with latest in aliases (#33054) (#33059)
* Added missing link item. (#33052) (#33055)
* Backport 33034 (#33038)
* Docs: Backport 32916 to v7.5x (#33008)
* ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)
* Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)
* Docs: Sync release branch with latest docs (#32986)
- Update to version 7.5.4:
* 'Release: Updated versions in package to 7.5.4' (#32971)
* fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
* Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
* fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
* AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
* Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
* GraphNG: uPlot 1.6.8 (#32859) (#32863)
* Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
* Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
* [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
* TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
* 'Release: Updated versions in package to 7.5.3' (#32745)
* FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
* Loki: Remove empty annotations tags (#32359) (#32490)
* SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
* Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
* Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
* Variables: Confirms selection before opening new picker (#32586) (#32710)
* CloudWarch: Fix service quotas link (#32686) (#32689)
* Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
* chore: bump execa to v2.1.0 (#32543) (#32592)
* Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)
* Fix broken gtime tests (#32582) (#32587)
* resolve conflicts (#32567)
* gtime: Make ParseInterval deterministic (#32539) (#32560)
* Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)
* TextboxVariable: Limits the length of the preview value (#32472) (#32530)
* AdHocVariable: Adds default data source (#32470) (#32476)
* Variables: Fixes Unsupported data format error for null values (#32480) (#32487)
* Prometheus: align exemplars check to latest api change (#32513) (#32515)
* 'Release: Updated versions in package to 7.5.2' (#32502)
* SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)
* Set spanNulls to default (#32471) (#32486)
* Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)
* API: Return 409 on datasource version conflict (#32425) (#32433)
* API: Return 400 on invalid Annotation requests (#32429) (#32431)
* Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)
* Table: Fixes so links work for image cells (#32370) (#32410)
* Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)
* DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)
* API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)
* 'Release: Updated versions in package to 7.5.1' (#32362)
* MSSQL: Upgrade go-mssqldb (#32347) (#32361)
* GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
* 'Release: Updated versions in package to 7.5.0' (#32308)
* Loki: Fix text search in Label browser (#32293) (#32306)
* Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
* PieChartV2: Add migration from old piechart (#32259) (#32291)
* LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
* LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)
* Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)
* LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
* Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)
* SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)
* DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)
* Logs: If log message missing, use empty string (#32080) (#32243)
* CloudWatch: Use latest version of aws sdk (#32217) (#32223)
* Release: Updated versions in package to 7.5.0-beta.2 (#32158)
* HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)
* GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)
* Fix loading timezone info on windows (#32029) (#32149)
* SQLStore: Close session in withDbSession (#31775) (#32108)
* Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)
* GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)
* MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)
* Backport 32005 to v7.5.x #32128 (#32130)
* Loki: Label browser UI updates (#31737) (#32119)
* ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
* GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)
* LibraryPanels: Improves the Get All experience (#32028) (#32093)
* Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)
* Exemplars: always query exemplars (#31673) (#32024)
* [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)
* Chore: Collect elasticsearch version usage stats (#31787) (#32063)
* Chore: Tidy up Go deps (#32053)
* GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)
* Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)
* [v7.5.x] Auth: Allow soft token revocation (#32037)
* Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)
* Make master green (#32011) (#32015)
* Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)
* Variables: Fixes filtering in picker with null items (#31979) (#31995)
* TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)
* Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)
* Loki: Fix type errors in language_provider (#31902) (#31945)
* PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
* Cloudwatch: use shared library for aws auth (#29550) (#31946)
* Tooltip: partial perf improvement (#31774) (#31837) (#31957)
* Backport 31913 to v7.5.x (#31955)
* Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)
* Variables: Do not reset description on variable type change (#31933) (#31939)
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
* Elasticseach: Support histogram fields (#29079) (#31914)
* Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)
* Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
* Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)
* [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
* Run go mod tidy to update go.mod and go.sum (#31859)
* Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
* CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
* Cloudwatch: ListMetrics API page limit (#31788) (#31851)
* Remove invalid attribute (#31848) (#31850)
* CloudWatch: Restrict auth provider and assume role usage according to… (#31845)
* CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
* Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)
* Variables: Improves inspection performance and unknown filtering (#31811) (#31813)
* Change piechart plugin state to beta (#31797) (#31798)
* ReduceTransform: Include series with numeric string names (#31763) (#31794)
* Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)
* Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
* DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)
* log skipped, performed and duration for migrations (#31722) (#31754)
* Search: Make items more compact (#31734) (#31750)
* loki_datasource: add documentation to label_format and line_format (#31710) (#31746)
* Tempo: Convert tempo to backend data source2 (#31733)
* Elasticsearch: Fix script fields in query editor (#31681) (#31727)
* Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)
* Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)
* Tempo: set authentication header properly (#31699) (#31701)
* Tempo: convert to backend data source (#31618) (#31695)
* Update package.json (#31672)
* Release: Bump version to 7.5.0-beta.1 (#31664)
* Fix whatsNewUrl version to 7.5 (#31666)
* Chore: add alias for what's new 7.5 (#31669)
* Docs: Update doc for PostgreSQL authentication (#31434)
* Docs: document report template variables (#31637)
* AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)
* Color: Fixes issue where colors where reset to gray when switch panels (#31611)
* Live: Use pure WebSocket transport (#31630)
* Docs: Fix broken image link (#31661)
* Docs: Add Whats new in 7.5 (#31659)
* Docs: Fix links for 7.5 (#31658)
* Update enterprise-configuration.md (#31656)
* Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
* Tracing: Small improvements to trace types (#31646)
* Update _index.md (#31645)
* AlertingNG: code refactoring (#30787)
* Remove pkill gpg-agent (#31169)
* Remove format for plugin routes (#31633)
* Library Panels: Change unsaved change detection logic (#31477)
* CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
* add new metrics and dimensions (#31595)
* fix devenv dashboard content typo (#31583)
* DashList: Sort starred and searched dashboard alphabetically (#31605)
* Docs: Update whats-new-in-v7-4.md (#31612)
* SSE: Add 'Classic Condition' on backend (#31511)
* InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)
* Alerting: PagerDuty: adding current state to the payload (#29270)
* devenv: Fix typo (#31589)
* Loki: Label browser (#30351)
* LibraryPanels: No save modal when user is on same dashboard (#31606)
* Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)
* Update node-graph.md (#31571)
* test: pass Cypress options objects into selector wrappers (#31567)
* Loki: Add support for alerting (#31424)
* Tracing: Specify type of the data frame that is expected for TraceView (#31465)
* LibraryPanels: Adds version column (#31590)
* PieChart: Add color changing options to pie chart (#31588)
* Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)
* Bring back correct legend sizing afer PlotLegend refactor (#31582)
* Alerting: Fix bug in Discord for when name for metric value is absent (#31257)
* LibraryPanels: Deletes library panels during folder deletion (#31572)
* chore: bump lodash to 4.17.21 (#31549)
* Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)
* TestData: Fixes never ending annotations scenario (#31573)
* CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
* propagate plugin unavailable message to UI (#31560)
* ConfirmButton: updates story from knobs to controls (#31476)
* Loki: Refactor line limit to use grafana/ui component (#31509)
* LibraryPanels: Adds folder checks and permissions (#31473)
* Add guide on custom option editors (#31254)
* PieChart: Update text color and minor changes (#31546)
* Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
* Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
* PieChart: Improve piechart legend and options (#31446)
* Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)
* Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)
* Add multiselect options ui (#31501)
* Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)
* Variables: Fixes error with: cannot read property length of undefined (#31458)
* Explore: Show ANSI colored logs in logs context (#31510)
* LogsPanel: Show all received logs (#31505)
* AddPanel: Design polish (#31484)
* TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
* influxdb: flux: handle is-hidden (#31324)
* Graph: Fix tooltip not showing when close to the edge of viewport (#31493)
* FolderPicker: Remove useNewForms from FolderPicker (#31485)
* Add reportVariables feature toggle (#31469)
* Grafana datasource: support multiple targets (#31495)
* Update license-restrictions.md (#31488)
* Docs: Derived fields links in logs detail view (#31482)
* Docs: Add new data source links to Enterprise page (#31480)
* Convert annotations to dataframes (#31400)
* ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
* GrafanaUI: Fixes typescript error for missing css prop (#31479)
* Login: handle custom token creation error messages (#31283)
* Library Panels: Don't list current panel in available panels list (#31472)
* DashboardSettings: Migrate Link Settings to React (#31150)
* Frontend changes for library panels feature (#30653)
* Alerting notifier SensuGo: improvements in default message (#31428)
* AppPlugins: Options to disable showing config page in nav (#31354)
* add aws config (#31464)
* Heatmap: Fix missing/wrong value in heatmap legend (#31430)
* Chore: Fixes small typos (#31461)
* Graphite/SSE: update graphite to work with server side expressions (#31455)
* update the lastest version to 7.4.3 (#31457)
* ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
* AWS: Add aws plugin configuration (#31312)
* Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)
* Remove UserSyncInfo.tsx (#31450)
* Elasticsearch: Add word highlighting to search results (#30293)
* Chore: Fix eslint react hook warnings in grafana-ui (#31092)
* CloudWatch: Make it possible to specify custom api endpoint (#31402)
* Chore: fixed incorrect naming for disable settings (#31448)
* TraceViewer: Fix show log marker in spanbar (#30742)
* LibraryPanels: Adds permissions to getAllHandler (#31416)
* NamedColorsPalette: updates story from knobs to controls (#31443)
* 'Release: Updated versions in package to 7.4.3' (#31444)
* ColorPicker: updates story from knobs to controls (#31429)
* Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)
* ClipboardButton: updates story from knobs to controls (#31422)
* we should never log unhashed tokens (#31432)
* CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
* Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)
* Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)
* CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
* TraceViewer: Fix trace to logs icon to show in right pane (#31414)
* add hg team as migrations code owners (#31420)
* Remove tidy-check script (#31423)
* InfluxDB: handle columns named 'table' (#30985)
* Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)
* Devenv: Add gdev-influxdb2 data source (#31250)
* Update grabpl from 0.5.38 to 0.5.42 version (#31419)
* Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)
* remove squadcast details from docs (#31413)
* Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
* Logging: add frontend logging helpers to @grafana/runtime package (#30482)
* CallToActionCard: updates story from knobs to controls (#31393)
* Add eu-south-1 cloudwatch region, closes #31197 (#31198)
* Chore: Upgrade eslint packages (#31408)
* Cascader: updates story from knobs to controls (#31399)
* addressed issues 28763 and 30314. (#31404)
* Added section Query a time series database by id (#31337)
* Prometheus: Change default httpMethod for new instances to POST (#31292)
* Data source list: Use Card component (#31326)
* Chore: Remove gotest.tools dependency (#31391)
* Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)
* Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)
* AdHocVariables: Fixes crash when values are stored as numbers (#31382)
* Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
* Chore: Fix strict errors, down to 416 (#31365)
* Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)
* StoryBook: Introduces Grafana Controls (#31351)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
* Theming: Support for runtime theme switching and hooks for custom themes (#31301)
* Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)
* Zipkin: Show success on test data source (#30829)
* Update grot template (needs more info) (#31350)
* DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)
* TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
* Grafana/UI: Add basic legend to the PieChart (#31278)
* SAML: single logout only enabled in enterprise (#31325)
* QueryEditor: handle query.hide changes in angular based query-editors (#31336)
* DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)
* LibraryPanels: Syncs panel title with name (#31311)
* Chore: Upgrade golangci-lint (#31330)
* Add info to docs about concurrent session limits (#31333)
* Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)
* BarGuage: updates story from knobs to controls (#31223)
* Docs: Clarifies how to add Key/Value pairs (#31303)
* Usagestats: Exclude folders from total dashboard count (#31320)
* ButtonCascader: updates story from knobs to controls (#31288)
* test: allow check for Table as well as Graph for Explore e2e flow (#31290)
* Grafana-UI: Update tooltip type (#31310)
* fix 7.4.2 release note (#31299)
* Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
* Chore: reduce strict errors for variables (#31241)
* update latest release version (#31296)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
* Correct name of Discord notifier tests (#31277)
* Docs: Clarifies custom date formats for variables (#31271)
* BigValue: updates story from knobs to controls (#31240)
* Docs: Annotations update (#31194)
* Introduce functions for interacting with library panels API (#30993)
* Search: display sort metadata (#31167)
* Folders: Editors should be able to edit name and delete folders (#31242)
* Make Datetime local (No date if today) working (#31274)
* UsageStats: Purpose named variables (#31264)
* Snapshots: Disallow anonymous user to create snapshots (#31263)
* only update usagestats every 30min (#31131)
* Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)
* Grafana-UI: Add id to Select to make it easier to test (#31230)
* Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)
* UI/Card: Fix handling of 'onClick' callback (#31225)
* Loki: Add line limit for annotations (#31183)
* Remove deprecated and breaking loki config field (#31227)
* SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)
* LibraryPanels: Disconnect before connect during dashboard save (#31235)
* Disable Change Password for OAuth users (#27886)
* TagsInput: Design update and component refactor (#31163)
* Variables: Adds back default option for data source variable (#31208)
* IPv6: Support host address configured with enclosing square brackets (#31226)
* Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)
* GraphNG: refactor core to class component (#30941)
* Remove last synchronisation field from LDAP debug view (#30984)
* Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
* Graph: Make axes unit option work even when field option unit is set (#31205)
* AlertingNG: Test definition (#30886)
* Docs: Update Influx config options (#31146)
* WIP: Skip this call when we skip migrations (#31216)
* use 0.1.0 (#31215)
* DataSourceSrv: Filter out non queryable data sources by default (#31144)
* QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)
* Chore: report eslint no-explicit-any errors to metrics (#31182)
* Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)
* Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
* Alerting: Fix modal text for deleting obsolete notifier (#31171)
* Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)
* Variables: Fixes missing empty elements from regex filters (#31156)
* StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)
* Fixed the typo. (#31189)
* Docs: Rewrite preferences docs (#31154)
* Explore/Refactor: Simplify URL handling (#29173)
* DashboardLinks: Fixes links always cause full page reload (#31178)
* Replace PR with Commit truncated hash when build fails (#31177)
* Alert: update story to use controls (#31145)
* Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
* CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)
* Update prometheus.md (#31173)
* Variables: Extend option pickers to accept custom onChange callback (#30913)
* Prometheus: Multiply exemplars timestamp to follow api change (#31143)
* DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)
* Add author name and pr number in drone pipeline notifications (#31124)
* Prometheus: Add documentation for ad-hoc filters (#31122)
* DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)
* Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)
* Chore: Update latest.json (#31139)
* Docs: add 7.4.1 relese notes link (#31137)
* PieChart: Progress on new core pie chart (#28020)
* ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
* Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
* Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)
* MuxWriter: Handle error for already closed file (#31119)
* Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)
* Search: add sort information in dashboard results (#30609)
* area/grafana/e2e: ginstall should pull version specified (#31056)
* Exemplars: Change CTA style (#30880)
* Influx: Make max series limit configurable and show the limiting message if applied (#31025)
* Docs: request security (#30937)
* update configurePanel for 7.4.0 changes (#31093)
* Elasticsearch: fix log row context erroring out (#31088)
* Prometheus: Fix issues with ad-hoc filters (#30931)
* LogsPanel: Add deduplication option for logs (#31019)
* Drone: Make sure CDN upload is ok before pushing docker images (#31075)
* PluginManager: Remove some global state (#31081)
* test: update addDashboard flow for v7.4.0 changes (#31059)
* Transformations: Fixed typo in FilterByValue transformer description. (#31078)
* Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)
* Usage stats: Adds source/distributor setting (#31039)
* CDN: Add CDN upload step to enterprise and release pipelines (#31058)
* Chore: Replace native select with grafana ui select (#31030)
* Docs: Update json-model.md (#31066)
* Docs: Update whats-new-in-v7-4.md (#31069)
* Added hyperlinks to Graphite documentation (#31064)
* DashboardSettings: Update to new form styles (#31022)
* CDN: Fixing drone CI config (#31052)
* convert path to posix by default (#31045)
* DashboardLinks: Fixes crash when link has no title (#31008)
* Alerting: Fixes so notification channels are properly deleted (#31040)
* Explore: Remove emotion error when displaying logs (#31026)
* Elasticsearch: Fix alias field value not being shown in query editor (#30992)
* CDN: Adds uppload to CDN step to drone CI (#30879)
* Improved glossary (#31004)
* BarGauge: Improvements to value sizing and table inner width calculations (#30990)
* Drone: Fix deployment image (#31027)
* ColorPicker: migrated styles from sass to emotion (#30909)
* Dashboard: Migrate general settings to react (#30914)
* Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)
* Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)
* Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)
* Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
* Graph: Fixes so graph is shown for non numeric time values (#30972)
* CloudMonitoring: Prevent resource type variable function from crashing (#30901)
* Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
* Build: Releases e2e and e2e-selectors too (#31006)
* TextPanel: Fixes so panel title is updated when variables change (#30884)
* Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)
* instrumentation: make the first database histogram bucket smaller (#30995)
* Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)
* StatPanel: Fixes issue formatting date values using unit option (#30979)
* Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
* Units: Fixes formatting of duration units (#30982)
* Elasticsearch: Show Size setting for raw_data metric (#30980)
* Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)
* make sure service and slo display name is passed to segment comp (#30900)
* assign changes in cloud datasources to the new cloud datasources team (#30645)
* Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)
* Theme: Use higher order theme color variables rather then is light/dark logic (#30939)
* Docs: Add alias for what's new in 7.4 (#30945)
* e2e: extends selector factory to plugins (#30932)
* Chore: Upgrade docker build image (#30820)
* Docs: updated developer guide (#29978)
* Alerts: Update Alert storybook to show more states (#30908)
* Variables: Adds queryparam formatting option (#30858)
* Chore: pad unknown values with undefined (#30808)
* Transformers: add search to transform selection (#30854)
* Exemplars: change api to reflect latest changes (#30910)
* docs: use selinux relabelling on docker containers (#27685)
* Docs: Fix bad image path for alert notification template (#30911)
* Make value mappings correctly interpret numeric-like strings (#30893)
* Chore: Update latest.json (#30905)
* Docs: Update whats-new-in-v7-4.md (#30882)
* Dashboard: Ignore changes to dashboard when the user session expires (#30897)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
* test: add support for timeout to be passed in for addDatasource (#30736)
* increase page size and make sure the cache supports query params (#30892)
* DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
* OAuth: custom username docs (#28400)
* Panels: Remove value mapping of values that have been formatted #26763 (#30868)
* Alerting: Fixes alert panel header icon not showing (#30840)
* AlertingNG: Edit Alert Definition (#30676)
* Logging: sourcemap support for frontend stacktraces (#30590)
* Added 'Restart Grafana' topic. (#30844)
* Docs: Org, Team, and User Admin (#30756)
* bump grabpl version to 0.5.36 (#30874)
* Plugins: Requests validator (#30445)
* Docs: Update whats-new-in-v7-4.md (#30876)
* Docs: Add server view folder (#30849)
* Fixed image name and path (#30871)
* Grafana-ui: fixes closing modals with escape key (#30745)
* InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)
* TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)
* Chart/Tooltip: refactored style declaration (#30824)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)
* Grafana-ui: fixes no data message in Table component (#30821)
* grafana/ui: Update pagination component for large number of pages (#30151)
* Alerting: Customise OK notification priorities for Pushover notifier (#30169)
* DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)
* Chore: Remove panelTime.html, closes #30097 (#30842)
* Docs: Time series panel, bar alignment docs (#30780)
* Chore: add more docs annotations (#30847)
* Transforms: allow boolean in field calculations (#30802)
* Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
* Update prometheus.md with image link fix (#30833)
* BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
* Update license-expiration.md (#30839)
* Explore rewrite (#30804)
* Prometheus: Set type of labels to string (#30831)
* GrafanaUI: Add a way to persistently close InfoBox (#30716)
* Fix typo in transformer registry (#30712)
* Elasticsearch: Display errors with text responses (#30122)
* CDN: Fixes cdn path when Grafana is under sub path (#30822)
* TraceViewer: Fix lazy loading (#30700)
* FormField: migrated sass styling to emotion (#30392)
* AlertingNG: change API permissions (#30781)
* Variables: Clears drop down state when leaving dashboard (#30810)
* Grafana-UI: Add story/docs for ErrorBoundary (#30304)
* Add missing callback dependency (#30797)
* PanelLibrary: Adds library panel meta information to dashboard json (#30770)
* Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
* Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
* GraphNG: improve behavior when switching between solid/dash/dots (#30796)
* Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
* Add width for Variable Editors (#30791)
* Chore: Remove warning when calling resource (#30752)
* Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
* Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
* GraphNG: add bar alignment option (#30499)
* Expressions: Measure total transformation requests and elapsed time (#30514)
* Menu: Mark menu components as internal (#30740)
* TableInputCSV: migrated styles from sass to emotion (#30554)
* CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
* Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
* CDN: Adds support for serving assets over a CDN (#30691)
* PanelEdit: Trigger refresh when changing data source (#30744)
* Chore: remove __debug_bin (#30725)
* BarChart: add alpha bar chart panel (#30323)
* Docs: Time series panel (#30690)
* Backend Plugins: Convert test data source to use SDK contracts (#29916)
* Docs: Update whats-new-in-v7-4.md (#30747)
* Add link to Elasticsearch docs. (#30748)
* Mobile: Fixes issue scrolling on mobile in chrome (#30746)
* TagsInput: Make placeholder configurable (#30718)
* Docs: Add config settings for fonts in reporting (#30421)
* Add menu.yaml to .gitignore (#30743)
* bump cypress to 6.3.0 (#30644)
* Datasource: Use json-iterator configuration compatible with standard library (#30732)
* AlertingNG: Update UX to use new PageToolbar component (#30680)
* Docs: Add usage insights export feature (#30376)
* skip symlinks to directories when generating plugin manifest (#30721)
* PluginCiE2E: Upgrade base images (#30696)
* Variables: Fixes so text format will show All instead of custom all (#30730)
* PanelLibrary: better handling of deleted panels (#30709)
* Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)
* Added 'curated dashboards' information and broke down, rearranged topics. (#30659)
* Transform: improve the 'outer join' performance/behavior (#30407)
* Add alt text to plugin logos (#30710)
* Deleted menu.yaml file (#30717)
* Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
* Added entry for web server. (#30715)
* DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
* Use connected GraphNG in Explore (#30707)
* Fix documentation for streaming data sources (#30704)
* PanelLibrary: changes casing of responses and adds meta property (#30668)
* Influx: Show all datapoints for dynamically windowed flux query (#30688)
* Trace: trace to logs design update (#30637)
* DeployImage: Switch base images to Debian (#30684)
* Chore: remove CSP debug logging line (#30689)
* Docs: 7.4 documentation for expressions (#30524)
* PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
* Grafana-UI: Fix setting default value for MultiSelect (#30671)
* CustomScrollbar: migrated styles from sass to emotion (#30506)
* DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
* Explore: Fix jumpy live tailing (#30650)
* ci(npm-publish): add missing github package token to env vars (#30665)
* PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
* AlertingNG: pause/unpause definitions via the API (#30627)
* Docs: Refer to product docs in whats new for alerting templating feature (#30652)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
* Variables: Fixes display value when using capture groups in regex (#30636)
* Docs: Update _index.md (#30655)
* Docs: Auditing updates (#30433)
* Docs: add hidden_users configuration field (#30435)
* Docs: Define TLS/SSL terminology (#30533)
* Docs: Fix expressions enabled description (#30589)
* Docs: Update ES screenshots (#30598)
* Licensing Docs: Adding license restrictions docs (#30216)
* Update documentation-style-guide.md (#30611)
* Docs: Update queries.md (#30616)
* chore(grafana-ui): bump storybook to 6.1.15 (#30642)
* DashboardSettings: fixes vertical scrolling (#30640)
* Usage Stats: Remove unused method for getting user stats (#30074)
* Grafana/UI: Unit picker should not set a category as unit (#30638)
* Graph: Fixes auto decimals issue in legend and tooltip (#30628)
* AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
* chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
* Grafana/UI: Add disable prop to Segment (#30539)
* Variables: Fixes so queries work for numbers values too (#30602)
* Admin: Fixes so form values are filled in from backend (#30544)
* Docs: Add new override info and add whats new 7.4 links (#30615)
* TestData: Improve what's new in v7.4 (#30612)
* Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
* NodeGraph: Add docs (#30504)
* Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
* TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
* Update styling.md guide (#30594)
* TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
* Chore(deps): Bump github.com/prometheus/client_golang (#30585)
* Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
* Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
* Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
* RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
* Add documentation for Exemplars (#30317)
* OldGraph: Fix height issue in Firefox (#30565)
* XY Chart: fix editor error with empty frame (no fields) (#30573)
* ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
* XY Chart: share legend config with timeseries (#30559)
* configuration.md: Document Content Security Policy options (#30413)
* DataFrame: cache frame/field index in field state (#30529)
* List + before -; rm old Git ref; reformat. (#30543)
* Expressions: Add option to disable feature (#30541)
* Explore: Fix loading visualisation on the top of the new time series panel (#30553)
* Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
* Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
* Postgres: Convert tests to stdlib (#30536)
* Storybook: Migrate card story to use controls (#30535)
* AlertingNG: Enable UI to Save Alert Definitions (#30394)
* Postgres: Be consistent about TLS/SSL terminology (#30532)
* Loki: Append refId to logs uid (#30418)
* Postgres: Fix indentation (#30531)
* GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
* updates for e2e docker image (#30465)
* GraphNG: uPlot 1.6.2 (#30521)
* Docs: Update whats-new-in-v7-4.md (#30520)
* Prettier: ignore build and devenv dirs (#30501)
* Chore: Upgrade grabpl version (#30486)
* Explore: Update styling of buttons (#30493)
* Cloud Monitoring: Fix legend naming with display name override (#30440)
* GraphNG: Disable Plot logging by default (#30390)
* Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
* Docs: include Makefile option for local assets (#30455)
* Footer: Fixes layout issue in footer (#30443)
* TimeSeriesPanel: Fixed default value for gradientMode (#30484)
* Docs: fix typo in what's new doc (#30489)
* Chore: adds wait to e2e test (#30488)
* chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
* Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
* Chore: fix spelling mistake (#30473)
* Chore: Restrict internal imports from other packages (#30453)
* Docs: What's new fixes and improvements (#30469)
* Timeseries: only migrage point size when configured (#30461)
* Alerting: Hides threshold handle for percentual thresholds (#30431)
* Graph: Fixes so only users with correct permissions can add annotations (#30419)
* Chore: update latest version to 7.4.0-beta1 (#30452)
* Docs: Add whats new 7.4 links (#30463)
* Update whats-new-in-v7-4.md (#30460)
* docs: 7.4 what's new (Add expressions note) (#30446)
* Chore: Upgrade build pipeline tool (#30456)
* PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
* Expressions: Fix button icon (#30444)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
* Docs: Fix img link for alert notification template (#30436)
* grafana/ui: Fix internal import from grafana/data (#30439)
* prevent field config from being overwritten (#30437)
* PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)
* Dashboard: Remove template variables option from ShareModal (#30395)
* Added doc content for variables inspector code change by Hugo (#30408)
* Docs: update license expiration behavior for reporting (#30420)
* Chore: use old version format in package.json (#30430)
* Chore: upgrade NPM security vulnerabilities (#30397)
* 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)
* contribute: Add backend and configuration guidelines for PRs (#30426)
* Chore: Update what's new URL (#30424)
- Update to version 7.4.5
- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)
- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-1148
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\n- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)\n- Update to version 7.5.7:\n * Updated relref to 'Configuring exemplars' section (#34240) (#34243)\n * Added exemplar topic (#34147) (#34226)\n * Quota: Do not count folders towards dashboard quota (#32519) (#34025)\n * Instructions to separate emails with semicolons (#32499) (#34138)\n * Docs: Remove documentation of v8 generic OAuth feature (#34018)\n * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)\n * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)\n * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)\n * Stop hoisting @icons/material (#33922)\n * Chore: fix react-color version in yarn.lock (#33914)\n * 'Release: Updated versions in package to 7.5.6' (#33909)\n * Loki: fix label browser crashing when + typed (#33900) (#33901)\n * Document `hide_version` flag (#33670) (#33881)\n * Add isolation level db configuration parameter (#33830) (#33878)\n * Sanitize PromLink button (#33874) (#33876)\n * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)\n * Docs feedback: /administration/provisioning.md (#33804) (#33842)\n * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)\n * Docs: Update _index.md (#33797) (#33799)\n * Docs: Update installation.md (#33656) (#33703)\n * GraphNG: uPlot 1.6.9 (#33598) (#33612)\n * dont consider invalid email address a failed email (#33671) (#33681)\n * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)\n * add template for dashboard url parameters (#33549) (#33588)\n * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)\n * Update team.md (#33454) (#33536)\n * Removed duplicate file 'dashboard_folder_permissions.md (#33497)\n * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)\n * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)\n * Documentation: Update developer-guide.md (#33478) (#33490)\n * add closed parenthesis to fix a hyperlink (#33471) (#33481)\n\n- Update to version 7.5.5:\n * 'Release: Updated versions in package to 7.5.5' (#33469)\n * GraphNG: Fix exemplars window position (#33427) (#33462)\n * Remove field limitation from slack notification (#33113) (#33455)\n * Prometheus: Support POST in template variables (#33321) (#33441)\n * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)\n * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)\n * Docs: Removed type from find annotations example. (#33399) (#33403)\n * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)\n * Updated label for add panel. (#33285) (#33286)\n * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)\n * Docs: Sync latest master docs with 7.5.x (#33156)\n * Docs: Update getting-started-influxdb.md (#33234) (#33241)\n * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)\n * Minor Changes in Auditing.md (#31435) (#33238)\n * Docs: Add license check endpoint doc (#32987) (#33236)\n * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)\n * Docs: InfluxDB doc improvements (#32815) (#33185)\n * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)\n * update cla (#33181)\n * Fix inefficient regular expression (#33155) (#33159)\n * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)\n * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)\n * Update team.md (#33060) (#33084)\n * GE issue 1268 (#33049) (#33081)\n * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)\n * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)\n * Docs: Replace next with latest in aliases (#33054) (#33059)\n * Added missing link item. (#33052) (#33055)\n * Backport 33034 (#33038)\n * Docs: Backport 32916 to v7.5x (#33008)\n * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)\n * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)\n * Docs: Sync release branch with latest docs (#32986)\n\n- Update to version 7.5.4:\n * 'Release: Updated versions in package to 7.5.4' (#32971)\n * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)\n * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)\n * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)\n * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)\n * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)\n * GraphNG: uPlot 1.6.8 (#32859) (#32863)\n * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)\n * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)\n * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)\n * TablePanel: Makes sorting case-insensitive (#32435) (#32752)\n\n- Update to version 7.5.3:\n * 'Release: Updated versions in package to 7.5.3' (#32745)\n * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)\n * Loki: Remove empty annotations tags (#32359) (#32490)\n * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)\n * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)\n * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)\n * Variables: Confirms selection before opening new picker (#32586) (#32710)\n * CloudWarch: Fix service quotas link (#32686) (#32689)\n * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)\n * chore: bump execa to v2.1.0 (#32543) (#32592)\n * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)\n * Fix broken gtime tests (#32582) (#32587)\n * resolve conflicts (#32567)\n * gtime: Make ParseInterval deterministic (#32539) (#32560)\n * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)\n * TextboxVariable: Limits the length of the preview value (#32472) (#32530)\n * AdHocVariable: Adds default data source (#32470) (#32476)\n * Variables: Fixes Unsupported data format error for null values (#32480) (#32487)\n * Prometheus: align exemplars check to latest api change (#32513) (#32515)\n * 'Release: Updated versions in package to 7.5.2' (#32502)\n * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)\n * Set spanNulls to default (#32471) (#32486)\n * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)\n * API: Return 409 on datasource version conflict (#32425) (#32433)\n * API: Return 400 on invalid Annotation requests (#32429) (#32431)\n * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)\n * Table: Fixes so links work for image cells (#32370) (#32410)\n * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)\n * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)\n * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)\n * 'Release: Updated versions in package to 7.5.1' (#32362)\n * MSSQL: Upgrade go-mssqldb (#32347) (#32361)\n * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)\n * 'Release: Updated versions in package to 7.5.0' (#32308)\n * Loki: Fix text search in Label browser (#32293) (#32306)\n * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)\n * PieChartV2: Add migration from old piechart (#32259) (#32291)\n * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)\n * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)\n * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)\n * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)\n * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)\n * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)\n * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)\n * Logs: If log message missing, use empty string (#32080) (#32243)\n * CloudWatch: Use latest version of aws sdk (#32217) (#32223)\n * Release: Updated versions in package to 7.5.0-beta.2 (#32158)\n * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)\n * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)\n * Fix loading timezone info on windows (#32029) (#32149)\n * SQLStore: Close session in withDbSession (#31775) (#32108)\n * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)\n * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)\n * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)\n * Backport 32005 to v7.5.x #32128 (#32130)\n * Loki: Label browser UI updates (#31737) (#32119)\n * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)\n * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)\n * LibraryPanels: Improves the Get All experience (#32028) (#32093)\n * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)\n * Exemplars: always query exemplars (#31673) (#32024)\n * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)\n * Chore: Collect elasticsearch version usage stats (#31787) (#32063)\n * Chore: Tidy up Go deps (#32053)\n * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)\n * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)\n * [v7.5.x] Auth: Allow soft token revocation (#32037)\n * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)\n * Make master green (#32011) (#32015)\n * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)\n * Variables: Fixes filtering in picker with null items (#31979) (#31995)\n * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)\n * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)\n * Loki: Fix type errors in language_provider (#31902) (#31945)\n * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)\n * Cloudwatch: use shared library for aws auth (#29550) (#31946)\n * Tooltip: partial perf improvement (#31774) (#31837) (#31957)\n * Backport 31913 to v7.5.x (#31955)\n * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)\n * Variables: Do not reset description on variable type change (#31933) (#31939)\n * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)\n * Elasticseach: Support histogram fields (#29079) (#31914)\n * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)\n * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)\n * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)\n * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)\n * Run go mod tidy to update go.mod and go.sum (#31859)\n * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)\n * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)\n * Cloudwatch: ListMetrics API page limit (#31788) (#31851)\n * Remove invalid attribute (#31848) (#31850)\n * CloudWatch: Restrict auth provider and assume role usage according to… (#31845)\n * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)\n * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)\n * Variables: Improves inspection performance and unknown filtering (#31811) (#31813)\n * Change piechart plugin state to beta (#31797) (#31798)\n * ReduceTransform: Include series with numeric string names (#31763) (#31794)\n * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)\n * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)\n * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)\n * log skipped, performed and duration for migrations (#31722) (#31754)\n * Search: Make items more compact (#31734) (#31750)\n * loki_datasource: add documentation to label_format and line_format (#31710) (#31746)\n * Tempo: Convert tempo to backend data source2 (#31733)\n * Elasticsearch: Fix script fields in query editor (#31681) (#31727)\n * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)\n * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)\n * Tempo: set authentication header properly (#31699) (#31701)\n * Tempo: convert to backend data source (#31618) (#31695)\n * Update package.json (#31672)\n * Release: Bump version to 7.5.0-beta.1 (#31664)\n * Fix whatsNewUrl version to 7.5 (#31666)\n * Chore: add alias for what's new 7.5 (#31669)\n * Docs: Update doc for PostgreSQL authentication (#31434)\n * Docs: document report template variables (#31637)\n * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)\n * Color: Fixes issue where colors where reset to gray when switch panels (#31611)\n * Live: Use pure WebSocket transport (#31630)\n * Docs: Fix broken image link (#31661)\n * Docs: Add Whats new in 7.5 (#31659)\n * Docs: Fix links for 7.5 (#31658)\n * Update enterprise-configuration.md (#31656)\n * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)\n * Tracing: Small improvements to trace types (#31646)\n * Update _index.md (#31645)\n * AlertingNG: code refactoring (#30787)\n * Remove pkill gpg-agent (#31169)\n * Remove format for plugin routes (#31633)\n * Library Panels: Change unsaved change detection logic (#31477)\n * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)\n * add new metrics and dimensions (#31595)\n * fix devenv dashboard content typo (#31583)\n * DashList: Sort starred and searched dashboard alphabetically (#31605)\n * Docs: Update whats-new-in-v7-4.md (#31612)\n * SSE: Add 'Classic Condition' on backend (#31511)\n * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)\n * Alerting: PagerDuty: adding current state to the payload (#29270)\n * devenv: Fix typo (#31589)\n * Loki: Label browser (#30351)\n * LibraryPanels: No save modal when user is on same dashboard (#31606)\n * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)\n * Update node-graph.md (#31571)\n * test: pass Cypress options objects into selector wrappers (#31567)\n * Loki: Add support for alerting (#31424)\n * Tracing: Specify type of the data frame that is expected for TraceView (#31465)\n * LibraryPanels: Adds version column (#31590)\n * PieChart: Add color changing options to pie chart (#31588)\n * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)\n * Bring back correct legend sizing afer PlotLegend refactor (#31582)\n * Alerting: Fix bug in Discord for when name for metric value is absent (#31257)\n * LibraryPanels: Deletes library panels during folder deletion (#31572)\n * chore: bump lodash to 4.17.21 (#31549)\n * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)\n * TestData: Fixes never ending annotations scenario (#31573)\n * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)\n * propagate plugin unavailable message to UI (#31560)\n * ConfirmButton: updates story from knobs to controls (#31476)\n * Loki: Refactor line limit to use grafana/ui component (#31509)\n * LibraryPanels: Adds folder checks and permissions (#31473)\n * Add guide on custom option editors (#31254)\n * PieChart: Update text color and minor changes (#31546)\n * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)\n * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)\n * PieChart: Improve piechart legend and options (#31446)\n * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)\n * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)\n * Add multiselect options ui (#31501)\n * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)\n * Variables: Fixes error with: cannot read property length of undefined (#31458)\n * Explore: Show ANSI colored logs in logs context (#31510)\n * LogsPanel: Show all received logs (#31505)\n * AddPanel: Design polish (#31484)\n * TimeSeriesPanel: Remove unnecessary margin from legend (#31467)\n * influxdb: flux: handle is-hidden (#31324)\n * Graph: Fix tooltip not showing when close to the edge of viewport (#31493)\n * FolderPicker: Remove useNewForms from FolderPicker (#31485)\n * Add reportVariables feature toggle (#31469)\n * Grafana datasource: support multiple targets (#31495)\n * Update license-restrictions.md (#31488)\n * Docs: Derived fields links in logs detail view (#31482)\n * Docs: Add new data source links to Enterprise page (#31480)\n * Convert annotations to dataframes (#31400)\n * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)\n * GrafanaUI: Fixes typescript error for missing css prop (#31479)\n * Login: handle custom token creation error messages (#31283)\n * Library Panels: Don't list current panel in available panels list (#31472)\n * DashboardSettings: Migrate Link Settings to React (#31150)\n * Frontend changes for library panels feature (#30653)\n * Alerting notifier SensuGo: improvements in default message (#31428)\n * AppPlugins: Options to disable showing config page in nav (#31354)\n * add aws config (#31464)\n * Heatmap: Fix missing/wrong value in heatmap legend (#31430)\n * Chore: Fixes small typos (#31461)\n * Graphite/SSE: update graphite to work with server side expressions (#31455)\n * update the lastest version to 7.4.3 (#31457)\n * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)\n * AWS: Add aws plugin configuration (#31312)\n * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)\n * Remove UserSyncInfo.tsx (#31450)\n * Elasticsearch: Add word highlighting to search results (#30293)\n * Chore: Fix eslint react hook warnings in grafana-ui (#31092)\n * CloudWatch: Make it possible to specify custom api endpoint (#31402)\n * Chore: fixed incorrect naming for disable settings (#31448)\n * TraceViewer: Fix show log marker in spanbar (#30742)\n * LibraryPanels: Adds permissions to getAllHandler (#31416)\n * NamedColorsPalette: updates story from knobs to controls (#31443)\n * 'Release: Updated versions in package to 7.4.3' (#31444)\n * ColorPicker: updates story from knobs to controls (#31429)\n * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)\n * ClipboardButton: updates story from knobs to controls (#31422)\n * we should never log unhashed tokens (#31432)\n * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)\n * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)\n * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)\n * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)\n * TraceViewer: Fix trace to logs icon to show in right pane (#31414)\n * add hg team as migrations code owners (#31420)\n * Remove tidy-check script (#31423)\n * InfluxDB: handle columns named 'table' (#30985)\n * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)\n * Devenv: Add gdev-influxdb2 data source (#31250)\n * Update grabpl from 0.5.38 to 0.5.42 version (#31419)\n * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)\n * remove squadcast details from docs (#31413)\n * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)\n * Logging: add frontend logging helpers to @grafana/runtime package (#30482)\n * CallToActionCard: updates story from knobs to controls (#31393)\n * Add eu-south-1 cloudwatch region, closes #31197 (#31198)\n * Chore: Upgrade eslint packages (#31408)\n * Cascader: updates story from knobs to controls (#31399)\n * addressed issues 28763 and 30314. (#31404)\n * Added section Query a time series database by id (#31337)\n * Prometheus: Change default httpMethod for new instances to POST (#31292)\n * Data source list: Use Card component (#31326)\n * Chore: Remove gotest.tools dependency (#31391)\n * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)\n * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)\n * AdHocVariables: Fixes crash when values are stored as numbers (#31382)\n * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)\n * Chore: Fix strict errors, down to 416 (#31365)\n * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)\n * StoryBook: Introduces Grafana Controls (#31351)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)\n * Theming: Support for runtime theme switching and hooks for custom themes (#31301)\n * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)\n * Zipkin: Show success on test data source (#30829)\n * Update grot template (needs more info) (#31350)\n * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)\n * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)\n * Grafana/UI: Add basic legend to the PieChart (#31278)\n * SAML: single logout only enabled in enterprise (#31325)\n * QueryEditor: handle query.hide changes in angular based query-editors (#31336)\n * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)\n * LibraryPanels: Syncs panel title with name (#31311)\n * Chore: Upgrade golangci-lint (#31330)\n * Add info to docs about concurrent session limits (#31333)\n * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)\n * BarGuage: updates story from knobs to controls (#31223)\n * Docs: Clarifies how to add Key/Value pairs (#31303)\n * Usagestats: Exclude folders from total dashboard count (#31320)\n * ButtonCascader: updates story from knobs to controls (#31288)\n * test: allow check for Table as well as Graph for Explore e2e flow (#31290)\n * Grafana-UI: Update tooltip type (#31310)\n * fix 7.4.2 release note (#31299)\n * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)\n * Chore: reduce strict errors for variables (#31241)\n * update latest release version (#31296)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)\n * Correct name of Discord notifier tests (#31277)\n * Docs: Clarifies custom date formats for variables (#31271)\n * BigValue: updates story from knobs to controls (#31240)\n * Docs: Annotations update (#31194)\n * Introduce functions for interacting with library panels API (#30993)\n * Search: display sort metadata (#31167)\n * Folders: Editors should be able to edit name and delete folders (#31242)\n * Make Datetime local (No date if today) working (#31274)\n * UsageStats: Purpose named variables (#31264)\n * Snapshots: Disallow anonymous user to create snapshots (#31263)\n * only update usagestats every 30min (#31131)\n * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)\n * Grafana-UI: Add id to Select to make it easier to test (#31230)\n * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)\n * UI/Card: Fix handling of 'onClick' callback (#31225)\n * Loki: Add line limit for annotations (#31183)\n * Remove deprecated and breaking loki config field (#31227)\n * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)\n * LibraryPanels: Disconnect before connect during dashboard save (#31235)\n * Disable Change Password for OAuth users (#27886)\n * TagsInput: Design update and component refactor (#31163)\n * Variables: Adds back default option for data source variable (#31208)\n * IPv6: Support host address configured with enclosing square brackets (#31226)\n * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)\n * GraphNG: refactor core to class component (#30941)\n * Remove last synchronisation field from LDAP debug view (#30984)\n * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)\n * Graph: Make axes unit option work even when field option unit is set (#31205)\n * AlertingNG: Test definition (#30886)\n * Docs: Update Influx config options (#31146)\n * WIP: Skip this call when we skip migrations (#31216)\n * use 0.1.0 (#31215)\n * DataSourceSrv: Filter out non queryable data sources by default (#31144)\n * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)\n * Chore: report eslint no-explicit-any errors to metrics (#31182)\n * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)\n * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)\n * Alerting: Fix modal text for deleting obsolete notifier (#31171)\n * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)\n * Variables: Fixes missing empty elements from regex filters (#31156)\n * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)\n * Fixed the typo. (#31189)\n * Docs: Rewrite preferences docs (#31154)\n * Explore/Refactor: Simplify URL handling (#29173)\n * DashboardLinks: Fixes links always cause full page reload (#31178)\n * Replace PR with Commit truncated hash when build fails (#31177)\n * Alert: update story to use controls (#31145)\n * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)\n * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)\n * Update prometheus.md (#31173)\n * Variables: Extend option pickers to accept custom onChange callback (#30913)\n * Prometheus: Multiply exemplars timestamp to follow api change (#31143)\n * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)\n * Add author name and pr number in drone pipeline notifications (#31124)\n * Prometheus: Add documentation for ad-hoc filters (#31122)\n * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)\n * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)\n * Chore: Update latest.json (#31139)\n * Docs: add 7.4.1 relese notes link (#31137)\n * PieChart: Progress on new core pie chart (#28020)\n * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)\n * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)\n * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)\n * MuxWriter: Handle error for already closed file (#31119)\n * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)\n * Search: add sort information in dashboard results (#30609)\n * area/grafana/e2e: ginstall should pull version specified (#31056)\n * Exemplars: Change CTA style (#30880)\n * Influx: Make max series limit configurable and show the limiting message if applied (#31025)\n * Docs: request security (#30937)\n * update configurePanel for 7.4.0 changes (#31093)\n * Elasticsearch: fix log row context erroring out (#31088)\n * Prometheus: Fix issues with ad-hoc filters (#30931)\n * LogsPanel: Add deduplication option for logs (#31019)\n * Drone: Make sure CDN upload is ok before pushing docker images (#31075)\n * PluginManager: Remove some global state (#31081)\n * test: update addDashboard flow for v7.4.0 changes (#31059)\n * Transformations: Fixed typo in FilterByValue transformer description. (#31078)\n * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)\n * Usage stats: Adds source/distributor setting (#31039)\n * CDN: Add CDN upload step to enterprise and release pipelines (#31058)\n * Chore: Replace native select with grafana ui select (#31030)\n * Docs: Update json-model.md (#31066)\n * Docs: Update whats-new-in-v7-4.md (#31069)\n * Added hyperlinks to Graphite documentation (#31064)\n * DashboardSettings: Update to new form styles (#31022)\n * CDN: Fixing drone CI config (#31052)\n * convert path to posix by default (#31045)\n * DashboardLinks: Fixes crash when link has no title (#31008)\n * Alerting: Fixes so notification channels are properly deleted (#31040)\n * Explore: Remove emotion error when displaying logs (#31026)\n * Elasticsearch: Fix alias field value not being shown in query editor (#30992)\n * CDN: Adds uppload to CDN step to drone CI (#30879)\n * Improved glossary (#31004)\n * BarGauge: Improvements to value sizing and table inner width calculations (#30990)\n * Drone: Fix deployment image (#31027)\n * ColorPicker: migrated styles from sass to emotion (#30909)\n * Dashboard: Migrate general settings to react (#30914)\n * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)\n * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)\n * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)\n * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)\n * Graph: Fixes so graph is shown for non numeric time values (#30972)\n * CloudMonitoring: Prevent resource type variable function from crashing (#30901)\n * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)\n * Build: Releases e2e and e2e-selectors too (#31006)\n * TextPanel: Fixes so panel title is updated when variables change (#30884)\n * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)\n * instrumentation: make the first database histogram bucket smaller (#30995)\n * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)\n * StatPanel: Fixes issue formatting date values using unit option (#30979)\n * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)\n * Units: Fixes formatting of duration units (#30982)\n * Elasticsearch: Show Size setting for raw_data metric (#30980)\n * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)\n * make sure service and slo display name is passed to segment comp (#30900)\n * assign changes in cloud datasources to the new cloud datasources team (#30645)\n * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)\n * Theme: Use higher order theme color variables rather then is light/dark logic (#30939)\n * Docs: Add alias for what's new in 7.4 (#30945)\n * e2e: extends selector factory to plugins (#30932)\n * Chore: Upgrade docker build image (#30820)\n * Docs: updated developer guide (#29978)\n * Alerts: Update Alert storybook to show more states (#30908)\n * Variables: Adds queryparam formatting option (#30858)\n * Chore: pad unknown values with undefined (#30808)\n * Transformers: add search to transform selection (#30854)\n * Exemplars: change api to reflect latest changes (#30910)\n * docs: use selinux relabelling on docker containers (#27685)\n * Docs: Fix bad image path for alert notification template (#30911)\n * Make value mappings correctly interpret numeric-like strings (#30893)\n * Chore: Update latest.json (#30905)\n * Docs: Update whats-new-in-v7-4.md (#30882)\n * Dashboard: Ignore changes to dashboard when the user session expires (#30897)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)\n * test: add support for timeout to be passed in for addDatasource (#30736)\n * increase page size and make sure the cache supports query params (#30892)\n * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)\n * OAuth: custom username docs (#28400)\n * Panels: Remove value mapping of values that have been formatted #26763 (#30868)\n * Alerting: Fixes alert panel header icon not showing (#30840)\n * AlertingNG: Edit Alert Definition (#30676)\n * Logging: sourcemap support for frontend stacktraces (#30590)\n * Added 'Restart Grafana' topic. (#30844)\n * Docs: Org, Team, and User Admin (#30756)\n * bump grabpl version to 0.5.36 (#30874)\n * Plugins: Requests validator (#30445)\n * Docs: Update whats-new-in-v7-4.md (#30876)\n * Docs: Add server view folder (#30849)\n * Fixed image name and path (#30871)\n * Grafana-ui: fixes closing modals with escape key (#30745)\n * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)\n * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)\n * Chart/Tooltip: refactored style declaration (#30824)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)\n * Grafana-ui: fixes no data message in Table component (#30821)\n * grafana/ui: Update pagination component for large number of pages (#30151)\n * Alerting: Customise OK notification priorities for Pushover notifier (#30169)\n * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)\n * Chore: Remove panelTime.html, closes #30097 (#30842)\n * Docs: Time series panel, bar alignment docs (#30780)\n * Chore: add more docs annotations (#30847)\n * Transforms: allow boolean in field calculations (#30802)\n * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)\n * Update prometheus.md with image link fix (#30833)\n * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)\n * Update license-expiration.md (#30839)\n * Explore rewrite (#30804)\n * Prometheus: Set type of labels to string (#30831)\n * GrafanaUI: Add a way to persistently close InfoBox (#30716)\n * Fix typo in transformer registry (#30712)\n * Elasticsearch: Display errors with text responses (#30122)\n * CDN: Fixes cdn path when Grafana is under sub path (#30822)\n * TraceViewer: Fix lazy loading (#30700)\n * FormField: migrated sass styling to emotion (#30392)\n * AlertingNG: change API permissions (#30781)\n * Variables: Clears drop down state when leaving dashboard (#30810)\n * Grafana-UI: Add story/docs for ErrorBoundary (#30304)\n * Add missing callback dependency (#30797)\n * PanelLibrary: Adds library panel meta information to dashboard json (#30770)\n * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)\n * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)\n * GraphNG: improve behavior when switching between solid/dash/dots (#30796)\n * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)\n * Add width for Variable Editors (#30791)\n * Chore: Remove warning when calling resource (#30752)\n * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)\n * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)\n * GraphNG: add bar alignment option (#30499)\n * Expressions: Measure total transformation requests and elapsed time (#30514)\n * Menu: Mark menu components as internal (#30740)\n * TableInputCSV: migrated styles from sass to emotion (#30554)\n * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)\n * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)\n * CDN: Adds support for serving assets over a CDN (#30691)\n * PanelEdit: Trigger refresh when changing data source (#30744)\n * Chore: remove __debug_bin (#30725)\n * BarChart: add alpha bar chart panel (#30323)\n * Docs: Time series panel (#30690)\n * Backend Plugins: Convert test data source to use SDK contracts (#29916)\n * Docs: Update whats-new-in-v7-4.md (#30747)\n * Add link to Elasticsearch docs. (#30748)\n * Mobile: Fixes issue scrolling on mobile in chrome (#30746)\n * TagsInput: Make placeholder configurable (#30718)\n * Docs: Add config settings for fonts in reporting (#30421)\n * Add menu.yaml to .gitignore (#30743)\n * bump cypress to 6.3.0 (#30644)\n * Datasource: Use json-iterator configuration compatible with standard library (#30732)\n * AlertingNG: Update UX to use new PageToolbar component (#30680)\n * Docs: Add usage insights export feature (#30376)\n * skip symlinks to directories when generating plugin manifest (#30721)\n * PluginCiE2E: Upgrade base images (#30696)\n * Variables: Fixes so text format will show All instead of custom all (#30730)\n * PanelLibrary: better handling of deleted panels (#30709)\n * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)\n * Added 'curated dashboards' information and broke down, rearranged topics. (#30659)\n * Transform: improve the 'outer join' performance/behavior (#30407)\n * Add alt text to plugin logos (#30710)\n * Deleted menu.yaml file (#30717)\n * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)\n * Added entry for web server. (#30715)\n * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)\n * Use connected GraphNG in Explore (#30707)\n * Fix documentation for streaming data sources (#30704)\n * PanelLibrary: changes casing of responses and adds meta property (#30668)\n * Influx: Show all datapoints for dynamically windowed flux query (#30688)\n * Trace: trace to logs design update (#30637)\n * DeployImage: Switch base images to Debian (#30684)\n * Chore: remove CSP debug logging line (#30689)\n * Docs: 7.4 documentation for expressions (#30524)\n * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)\n * Grafana-UI: Fix setting default value for MultiSelect (#30671)\n * CustomScrollbar: migrated styles from sass to emotion (#30506)\n * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)\n * Explore: Fix jumpy live tailing (#30650)\n * ci(npm-publish): add missing github package token to env vars (#30665)\n * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)\n * AlertingNG: pause/unpause definitions via the API (#30627)\n * Docs: Refer to product docs in whats new for alerting templating feature (#30652)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)\n * Variables: Fixes display value when using capture groups in regex (#30636)\n * Docs: Update _index.md (#30655)\n * Docs: Auditing updates (#30433)\n * Docs: add hidden_users configuration field (#30435)\n * Docs: Define TLS/SSL terminology (#30533)\n * Docs: Fix expressions enabled description (#30589)\n * Docs: Update ES screenshots (#30598)\n * Licensing Docs: Adding license restrictions docs (#30216)\n * Update documentation-style-guide.md (#30611)\n * Docs: Update queries.md (#30616)\n * chore(grafana-ui): bump storybook to 6.1.15 (#30642)\n * DashboardSettings: fixes vertical scrolling (#30640)\n * Usage Stats: Remove unused method for getting user stats (#30074)\n * Grafana/UI: Unit picker should not set a category as unit (#30638)\n * Graph: Fixes auto decimals issue in legend and tooltip (#30628)\n * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)\n * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)\n * Grafana/UI: Add disable prop to Segment (#30539)\n * Variables: Fixes so queries work for numbers values too (#30602)\n * Admin: Fixes so form values are filled in from backend (#30544)\n * Docs: Add new override info and add whats new 7.4 links (#30615)\n * TestData: Improve what's new in v7.4 (#30612)\n * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)\n * NodeGraph: Add docs (#30504)\n * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)\n * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)\n * Update styling.md guide (#30594)\n * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)\n * Chore(deps): Bump github.com/prometheus/client_golang (#30585)\n * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)\n * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)\n * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)\n * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)\n * Add documentation for Exemplars (#30317)\n * OldGraph: Fix height issue in Firefox (#30565)\n * XY Chart: fix editor error with empty frame (no fields) (#30573)\n * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)\n * XY Chart: share legend config with timeseries (#30559)\n * configuration.md: Document Content Security Policy options (#30413)\n * DataFrame: cache frame/field index in field state (#30529)\n * List + before -; rm old Git ref; reformat. (#30543)\n * Expressions: Add option to disable feature (#30541)\n * Explore: Fix loading visualisation on the top of the new time series panel (#30553)\n * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)\n * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)\n * Postgres: Convert tests to stdlib (#30536)\n * Storybook: Migrate card story to use controls (#30535)\n * AlertingNG: Enable UI to Save Alert Definitions (#30394)\n * Postgres: Be consistent about TLS/SSL terminology (#30532)\n * Loki: Append refId to logs uid (#30418)\n * Postgres: Fix indentation (#30531)\n * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)\n * updates for e2e docker image (#30465)\n * GraphNG: uPlot 1.6.2 (#30521)\n * Docs: Update whats-new-in-v7-4.md (#30520)\n * Prettier: ignore build and devenv dirs (#30501)\n * Chore: Upgrade grabpl version (#30486)\n * Explore: Update styling of buttons (#30493)\n * Cloud Monitoring: Fix legend naming with display name override (#30440)\n * GraphNG: Disable Plot logging by default (#30390)\n * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)\n * Docs: include Makefile option for local assets (#30455)\n * Footer: Fixes layout issue in footer (#30443)\n * TimeSeriesPanel: Fixed default value for gradientMode (#30484)\n * Docs: fix typo in what's new doc (#30489)\n * Chore: adds wait to e2e test (#30488)\n * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)\n * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)\n * Chore: fix spelling mistake (#30473)\n * Chore: Restrict internal imports from other packages (#30453)\n * Docs: What's new fixes and improvements (#30469)\n * Timeseries: only migrage point size when configured (#30461)\n * Alerting: Hides threshold handle for percentual thresholds (#30431)\n * Graph: Fixes so only users with correct permissions can add annotations (#30419)\n * Chore: update latest version to 7.4.0-beta1 (#30452)\n * Docs: Add whats new 7.4 links (#30463)\n * Update whats-new-in-v7-4.md (#30460)\n * docs: 7.4 what's new (Add expressions note) (#30446)\n * Chore: Upgrade build pipeline tool (#30456)\n * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)\n * Expressions: Fix button icon (#30444)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)\n * Docs: Fix img link for alert notification template (#30436)\n * grafana/ui: Fix internal import from grafana/data (#30439)\n * prevent field config from being overwritten (#30437)\n * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)\n * Dashboard: Remove template variables option from ShareModal (#30395)\n * Added doc content for variables inspector code change by Hugo (#30408)\n * Docs: update license expiration behavior for reporting (#30420)\n * Chore: use old version format in package.json (#30430)\n * Chore: upgrade NPM security vulnerabilities (#30397)\n * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)\n * contribute: Add backend and configuration guidelines for PRs (#30426)\n * Chore: Update what's new URL (#30424)\n- Update to version 7.4.5\n- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)\n- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)\n- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1148", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1148-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1148-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FZP3KR7QVZ36DM2NRRT76CHYDLB44JX/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1148-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FZP3KR7QVZ36DM2NRRT76CHYDLB44JX/", }, { category: "self", summary: "SUSE Bug 1183803", url: "https://bugzilla.suse.com/1183803", }, { category: "self", summary: "SUSE Bug 1183809", url: "https://bugzilla.suse.com/1183809", }, { category: "self", summary: "SUSE Bug 1183811", url: "https://bugzilla.suse.com/1183811", }, { category: "self", summary: "SUSE Bug 1183813", url: "https://bugzilla.suse.com/1183813", }, { category: "self", summary: "SUSE Bug 1184371", url: "https://bugzilla.suse.com/1184371", }, { category: "self", summary: "SUSE CVE CVE-2021-27358 page", url: "https://www.suse.com/security/cve/CVE-2021-27358/", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, ], title: "Security update for grafana", tracking: { current_release_date: "2021-08-13T11:17:54Z", generator: { date: "2021-08-13T11:17:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1148-1", initial_release_date: "2021-08-13T11:17:54Z", revision_history: [ { date: "2021-08-13T11:17:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-7.5.7-lp152.2.16.1.x86_64", product: { name: "grafana-7.5.7-lp152.2.16.1.x86_64", product_id: "grafana-7.5.7-lp152.2.16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-lp152.2.16.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", }, product_reference: "grafana-7.5.7-lp152.2.16.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27358", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27358", }, ], notes: [ { category: "general", text: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27358", url: "https://www.suse.com/security/cve/CVE-2021-27358", }, { category: "external", summary: "SUSE Bug 1183803 for CVE-2021-27358", url: "https://bugzilla.suse.com/1183803", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-13T11:17:54Z", details: "important", }, ], title: "CVE-2021-27358", }, { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-13T11:17:54Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-13T11:17:54Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-13T11:17:54Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:grafana-7.5.7-lp152.2.16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-13T11:17:54Z", details: "important", }, ], title: "CVE-2021-28148", }, ], }
opensuse-su-2021:2675-1
Vulnerability from csaf_opensuse
Published
2021-08-12 10:05
Modified
2021-08-12 10:05
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
ansible:
- The support level for ansible is l2, not l3
dracut-saltboot:
- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for
small Prometheus instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478)
Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's
`firewalld` package does not contain 'prometheus' configuration yet.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- Fix for spacewalk-koan tests after switching to the new
Docker images
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions
causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
Patchnames
openSUSE-SLE-15.3-2021-2675
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nansible:\n\n- The support level for ansible is l2, not l3\n\ndracut-saltboot:\n\n- Force installation of libexpat.so.1 (bsc#1188846)\n- Use kernel parameters from PXE formula also for local boot\n\ngolang-github-prometheus-prometheus:\n\n- Provide and reload firewalld configuration only for:\n + openSUSE Leap 15.0, 15.1, 15.2\n + SUSE Linux Enterprise 15, 15 SP1, 15 SP2\n- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)\n + Bugfix:\n * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)\n * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659\n * TSDB: Do not panic when writing very large records to the WAL. #8790\n * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723\n * Scaleway Discovery: Fix nil pointer dereference. #8737\n * Consul Discovery: Restart no longer required after config update with no targets. #8766\n + Features:\n * Promtool: Retroactive rule evaluation functionality.\n * Configuration: Environment variable expansion for external labels. \n Behind '--enable-feature=expand-external-labels' flag.\n * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for \n small Prometheus instances.\n * UI: Add a dark theme.\n * AWS Lightsail Discovery: Add AWS Lightsail Discovery.\n * Docker Discovery: Add Docker Service Discovery.\n * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.\n * Remote Write: Send exemplars via remote write. Experimental and disabled by default.\n + Enhancements:\n * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.\n * Scaleway Discovery: Read Scaleway secret from a file.\n * Scrape: Add configurable limits for label size and count.\n * UI: Add 16w and 26w time range steps.\n * Templating: Enable parsing strings in humanize functions.\n- Update package with changes from `server:monitoring` (bsc#1175478)\n Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's\n `firewalld` package does not contain 'prometheus' configuration yet.\n\nmgr-cfg:\n\n- No visible impact for the user\n\nmgr-custom-info:\n\n- No visible impact for the user\n\nmgr-osad:\n\n- No visible impact for the user\n\nmgr-push:\n\n- No visible impact for the user\n\nmgr-virtualization:\n\n- No visible impact for the user\n\nrhnlib:\n\n- No visible impact for the user\n\nspacecmd:\n\n- Make spacecmd aware of retracted patches/packages\n- Enhance help for installation types when creating distributions (bsc#1186581)\n- Parse empty argument when nothing in between the separator\n\nspacewalk-client-tools:\n\n- Update translation strings\n\nspacewalk-koan:\n\n- Fix for spacewalk-koan tests after switching to the new\n Docker images\n\nspacewalk-oscap:\n\n- No visible impact for the user\n\nsuseRegisterInfo:\n\n- No visible impact for the user\n\nuyuni-common-libs:\n\n- Handle broken RPM packages to prevent exceptions\n causing fails on repository synchronization (bsc#1186650)\n- Maintainer field in debian packages are only recommended (bsc#1186508)\n\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2021-2675", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2675-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:2675-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X43KWNU2XMSBJQO437DI7TR5WXTEXGK5/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:2675-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X43KWNU2XMSBJQO437DI7TR5WXTEXGK5/", }, { category: "self", summary: "SUSE Bug 1175478", url: "https://bugzilla.suse.com/1175478", }, { category: "self", summary: "SUSE Bug 1186242", url: "https://bugzilla.suse.com/1186242", }, { category: "self", summary: "SUSE Bug 1186508", url: "https://bugzilla.suse.com/1186508", }, { category: "self", summary: "SUSE Bug 1186581", url: "https://bugzilla.suse.com/1186581", }, { category: "self", summary: "SUSE Bug 1186650", url: "https://bugzilla.suse.com/1186650", }, { category: "self", summary: "SUSE Bug 1188846", url: "https://bugzilla.suse.com/1188846", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, { category: "self", summary: "SUSE CVE CVE-2021-29622 page", url: "https://www.suse.com/security/cve/CVE-2021-29622/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2021-08-12T10:05:26Z", generator: { date: "2021-08-12T10:05:26Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:2675-1", initial_release_date: "2021-08-12T10:05:26Z", revision_history: [ { date: "2021-08-12T10:05:26Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ansible-2.9.21-1.5.1.noarch", product: { name: "ansible-2.9.21-1.5.1.noarch", product_id: "ansible-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "ansible-doc-2.9.21-1.5.1.noarch", product: { name: "ansible-doc-2.9.21-1.5.1.noarch", product_id: "ansible-doc-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "ansible-test-2.9.21-1.5.1.noarch", product: { name: "ansible-test-2.9.21-1.5.1.noarch", product_id: "ansible-test-2.9.21-1.5.1.noarch", }, }, { category: "product_version", name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", product: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", product_id: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-custom-info-4.2.2-1.12.1.noarch", product: { name: "mgr-custom-info-4.2.2-1.12.1.noarch", product_id: "mgr-custom-info-4.2.2-1.12.1.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "mgr-osad-4.2.6-1.30.1.noarch", product: { name: "mgr-osad-4.2.6-1.30.1.noarch", product_id: "mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "mgr-push-4.2.3-1.12.1.noarch", product: { name: "mgr-push-4.2.3-1.12.1.noarch", product_id: "mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-osad-4.2.6-1.30.1.noarch", product: { name: "python2-mgr-osad-4.2.6-1.30.1.noarch", product_id: "python2-mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python2-mgr-push-4.2.3-1.12.1.noarch", product: { name: "python2-mgr-push-4.2.3-1.12.1.noarch", product_id: "python2-mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", product: { name: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", product_id: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python2-rhnlib-4.2.4-3.28.1.noarch", product: { name: "python2-rhnlib-4.2.4-3.28.1.noarch", product_id: "python2-rhnlib-4.2.4-3.28.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-check-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", product: { name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", product_id: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osad-4.2.6-1.30.1.noarch", product: { name: "python3-mgr-osad-4.2.6-1.30.1.noarch", product_id: "python3-mgr-osad-4.2.6-1.30.1.noarch", }, }, { category: "product_version", name: "python3-mgr-push-4.2.3-1.12.1.noarch", product: { name: "python3-mgr-push-4.2.3-1.12.1.noarch", product_id: "python3-mgr-push-4.2.3-1.12.1.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", product: { name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", product_id: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", product: { name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", product_id: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, }, { category: "product_version", name: "python3-rhnlib-4.2.4-3.28.1.noarch", product: { name: "python3-rhnlib-4.2.4-3.28.1.noarch", product_id: "python3-rhnlib-4.2.4-3.28.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-check-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.11-3.62.1.noarch", product: { name: "spacecmd-4.2.11-3.62.1.noarch", product_id: "spacecmd-4.2.11-3.62.1.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.12-3.44.1.noarch", product: { name: "spacewalk-check-4.2.12-3.44.1.noarch", product_id: "spacewalk-check-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.2.12-3.44.1.noarch", product: { name: "spacewalk-client-setup-4.2.12-3.44.1.noarch", product_id: "spacewalk-client-setup-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.12-3.44.1.noarch", product: { name: "spacewalk-client-tools-4.2.12-3.44.1.noarch", product_id: "spacewalk-client-tools-4.2.12-3.44.1.noarch", }, }, { category: "product_version", name: "spacewalk-koan-4.2.4-3.21.1.noarch", product: { name: "spacewalk-koan-4.2.4-3.21.1.noarch", product_id: "spacewalk-koan-4.2.4-3.21.1.noarch", }, }, { category: "product_version", name: "spacewalk-oscap-4.2.2-3.12.1.noarch", product: { name: "spacewalk-oscap-4.2.2-3.12.1.noarch", product_id: "spacewalk-oscap-4.2.2-3.12.1.noarch", }, }, { category: "product_version", name: "suseRegisterInfo-4.2.4-3.15.1.noarch", product: { name: "suseRegisterInfo-4.2.4-3.15.1.noarch", product_id: "suseRegisterInfo-4.2.4-3.15.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", product: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", product_id: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", product: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", product_id: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.21-1.5.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", }, product_reference: "ansible-2.9.21-1.5.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.21-1.5.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", }, product_reference: "ansible-doc-2.9.21-1.5.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.21-1.5.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", }, product_reference: "ansible-test-2.9.21-1.5.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", }, product_reference: "dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-actions-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-actions-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-client-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-client-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-management-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", }, product_reference: "mgr-cfg-management-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-custom-info-4.2.2-1.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", }, product_reference: "mgr-custom-info-4.2.2-1.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, product_reference: "mgr-osa-dispatcher-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-osad-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", }, product_reference: "mgr-osad-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.2.3-1.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", }, product_reference: "mgr-push-4.2.3-1.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "mgr-virtualization-host-4.2.2-1.20.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", }, product_reference: "mgr-virtualization-host-4.2.2-1.20.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", }, product_reference: "python2-mgr-cfg-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, product_reference: "python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", }, product_reference: "python2-mgr-cfg-client-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", }, product_reference: "python2-mgr-cfg-management-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osa-common-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", }, product_reference: "python2-mgr-osa-common-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, product_reference: "python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osad-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", }, product_reference: "python2-mgr-osad-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-push-4.2.3-1.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", }, product_reference: "python2-mgr-push-4.2.3-1.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, product_reference: "python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, product_reference: "python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-rhnlib-4.2.4-3.28.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", }, product_reference: "python2-rhnlib-4.2.4-3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-check-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", }, product_reference: "python2-spacewalk-check-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, product_reference: "python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, product_reference: "python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-koan-4.2.4-3.21.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", }, product_reference: "python2-spacewalk-koan-4.2.4-3.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", }, product_reference: "python2-spacewalk-oscap-4.2.2-3.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", }, product_reference: "python2-suseRegisterInfo-4.2.4-3.15.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, product_reference: "python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-client-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", }, product_reference: "python3-mgr-cfg-management-4.2.3-1.18.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", }, product_reference: "python3-mgr-osa-common-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", }, product_reference: "python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osad-4.2.6-1.30.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", }, product_reference: "python3-mgr-osad-4.2.6-1.30.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-push-4.2.3-1.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", }, product_reference: "python3-mgr-push-4.2.3-1.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", }, product_reference: "python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", }, product_reference: "python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.4-3.28.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", }, product_reference: "python3-rhnlib-4.2.4-3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-check-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-koan-4.2.4-3.21.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", }, product_reference: "python3-spacewalk-koan-4.2.4-3.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", }, product_reference: "python3-spacewalk-oscap-4.2.2-3.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", }, product_reference: "python3-suseRegisterInfo-4.2.4-3.15.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.11-3.62.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", }, product_reference: "spacecmd-4.2.11-3.62.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-check-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-client-setup-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.12-3.44.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", }, product_reference: "spacewalk-client-tools-4.2.12-3.44.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-koan-4.2.4-3.21.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", }, product_reference: "spacewalk-koan-4.2.4-3.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-oscap-4.2.2-3.12.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", }, product_reference: "spacewalk-oscap-4.2.2-3.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "suseRegisterInfo-4.2.4-3.15.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", }, product_reference: "suseRegisterInfo-4.2.4-3.15.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:26Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:26Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:26Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:26Z", details: "important", }, ], title: "CVE-2021-28148", }, { cve: "CVE-2021-29622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-29622", }, ], notes: [ { category: "general", text: "Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-29622", url: "https://www.suse.com/security/cve/CVE-2021-29622", }, { category: "external", summary: "SUSE Bug 1186242 for CVE-2021-29622", url: "https://bugzilla.suse.com/1186242", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:ansible-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-doc-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:ansible-test-2.9.21-1.5.1.noarch", "openSUSE Leap 15.3:dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1.noarch", "openSUSE Leap 15.3:mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:mgr-custom-info-4.2.2-1.12.1.noarch", "openSUSE Leap 15.3:mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python2-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python2-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python2-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python2-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python2-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:python3-mgr-cfg-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-actions-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-client-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-cfg-management-4.2.3-1.18.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-common-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osa-dispatcher-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-osad-4.2.6-1.30.1.noarch", "openSUSE Leap 15.3:python3-mgr-push-4.2.3-1.12.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-common-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-mgr-virtualization-host-4.2.2-1.20.1.noarch", "openSUSE Leap 15.3:python3-rhnlib-4.2.4-3.28.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:python3-spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:python3-suseRegisterInfo-4.2.4-3.15.1.noarch", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.aarch64", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.ppc64le", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.s390x", "openSUSE Leap 15.3:python3-uyuni-common-libs-4.2.5-1.15.1.x86_64", "openSUSE Leap 15.3:spacecmd-4.2.11-3.62.1.noarch", "openSUSE Leap 15.3:spacewalk-check-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-setup-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-client-tools-4.2.12-3.44.1.noarch", "openSUSE Leap 15.3:spacewalk-koan-4.2.4-3.21.1.noarch", "openSUSE Leap 15.3:spacewalk-oscap-4.2.2-3.12.1.noarch", "openSUSE Leap 15.3:suseRegisterInfo-4.2.4-3.15.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:05:26Z", details: "moderate", }, ], title: "CVE-2021-29622", }, ], }
opensuse-su-2024:10818-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
grafana-7.5.7-1.2 on GA media
Notes
Title of the patch
grafana-7.5.7-1.2 on GA media
Description of the patch
These are all security issues fixed in the grafana-7.5.7-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10818
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "grafana-7.5.7-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the grafana-7.5.7-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10818", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10818-1.json", }, { category: "self", summary: "SUSE CVE CVE-2018-19039 page", url: "https://www.suse.com/security/cve/CVE-2018-19039/", }, { category: "self", summary: "SUSE CVE CVE-2019-15043 page", url: "https://www.suse.com/security/cve/CVE-2019-15043/", }, { category: "self", summary: "SUSE CVE CVE-2020-12245 page", url: "https://www.suse.com/security/cve/CVE-2020-12245/", }, { category: "self", summary: "SUSE CVE CVE-2020-13379 page", url: "https://www.suse.com/security/cve/CVE-2020-13379/", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, ], title: "grafana-7.5.7-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10818-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-7.5.7-1.2.aarch64", product: { name: "grafana-7.5.7-1.2.aarch64", product_id: "grafana-7.5.7-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.2.ppc64le", product: { name: "grafana-7.5.7-1.2.ppc64le", product_id: "grafana-7.5.7-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.2.s390x", product: { name: "grafana-7.5.7-1.2.s390x", product_id: "grafana-7.5.7-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-1.2.x86_64", product: { name: "grafana-7.5.7-1.2.x86_64", product_id: "grafana-7.5.7-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", }, product_reference: "grafana-7.5.7-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", }, product_reference: "grafana-7.5.7-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", }, product_reference: "grafana-7.5.7-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", }, product_reference: "grafana-7.5.7-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2018-19039", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19039", }, ], notes: [ { category: "general", text: "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19039", url: "https://www.suse.com/security/cve/CVE-2018-19039", }, { category: "external", summary: "SUSE Bug 1115960 for CVE-2018-19039", url: "https://bugzilla.suse.com/1115960", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-19039", }, { cve: "CVE-2019-15043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-15043", }, ], notes: [ { category: "general", text: "In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-15043", url: "https://www.suse.com/security/cve/CVE-2019-15043", }, { category: "external", summary: "SUSE Bug 1148383 for CVE-2019-15043", url: "https://bugzilla.suse.com/1148383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-15043", }, { cve: "CVE-2020-12245", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-12245", }, ], notes: [ { category: "general", text: "Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-12245", url: "https://www.suse.com/security/cve/CVE-2020-12245", }, { category: "external", summary: "SUSE Bug 1170557 for CVE-2020-12245", url: "https://bugzilla.suse.com/1170557", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-12245", }, { cve: "CVE-2020-13379", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13379", }, ], notes: [ { category: "general", text: "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13379", url: "https://www.suse.com/security/cve/CVE-2020-13379", }, { category: "external", summary: "SUSE Bug 1172409 for CVE-2020-13379", url: "https://bugzilla.suse.com/1172409", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-13379", }, { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-7.5.7-1.2.aarch64", "openSUSE Tumbleweed:grafana-7.5.7-1.2.ppc64le", "openSUSE Tumbleweed:grafana-7.5.7-1.2.s390x", "openSUSE Tumbleweed:grafana-7.5.7-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-28148", }, ], }
opensuse-su-2021:1162-1
Vulnerability from csaf_opensuse
Published
2021-08-17 10:06
Modified
2021-08-17 10:06
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
ansible:
- The support level for ansible is l2, not l3
dracut-saltboot:
- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for
small Prometheus instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478)
Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's
`firewalld` package does not contain 'prometheus' configuration yet.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- Fix for spacewalk-koan tests after switching to the new
Docker images
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions
causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2021-1162
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nansible:\n\n- The support level for ansible is l2, not l3\n\ndracut-saltboot:\n\n- Force installation of libexpat.so.1 (bsc#1188846)\n- Use kernel parameters from PXE formula also for local boot\n\ngolang-github-prometheus-prometheus:\n\n- Provide and reload firewalld configuration only for:\n + openSUSE Leap 15.0, 15.1, 15.2\n + SUSE Linux Enterprise 15, 15 SP1, 15 SP2\n- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)\n + Bugfix:\n * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)\n * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659\n * TSDB: Do not panic when writing very large records to the WAL. #8790\n * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723\n * Scaleway Discovery: Fix nil pointer dereference. #8737\n * Consul Discovery: Restart no longer required after config update with no targets. #8766\n + Features:\n * Promtool: Retroactive rule evaluation functionality.\n * Configuration: Environment variable expansion for external labels. \n Behind '--enable-feature=expand-external-labels' flag.\n * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for \n small Prometheus instances.\n * UI: Add a dark theme.\n * AWS Lightsail Discovery: Add AWS Lightsail Discovery.\n * Docker Discovery: Add Docker Service Discovery.\n * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.\n * Remote Write: Send exemplars via remote write. Experimental and disabled by default.\n + Enhancements:\n * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.\n * Scaleway Discovery: Read Scaleway secret from a file.\n * Scrape: Add configurable limits for label size and count.\n * UI: Add 16w and 26w time range steps.\n * Templating: Enable parsing strings in humanize functions.\n- Update package with changes from `server:monitoring` (bsc#1175478)\n Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's\n `firewalld` package does not contain 'prometheus' configuration yet.\n\nmgr-cfg:\n\n- No visible impact for the user\n\nmgr-custom-info:\n\n- No visible impact for the user\n\nmgr-osad:\n\n- No visible impact for the user\n\nmgr-push:\n\n- No visible impact for the user\n\nmgr-virtualization:\n\n- No visible impact for the user\n\nrhnlib:\n\n- No visible impact for the user\n\nspacecmd:\n\n- Make spacecmd aware of retracted patches/packages\n- Enhance help for installation types when creating distributions (bsc#1186581)\n- Parse empty argument when nothing in between the separator\n\nspacewalk-client-tools:\n\n- Update translation strings\n\nspacewalk-koan:\n\n- Fix for spacewalk-koan tests after switching to the new\n Docker images\n\nspacewalk-oscap:\n\n- No visible impact for the user\n\nsuseRegisterInfo:\n\n- No visible impact for the user\n\nuyuni-common-libs:\n\n- Handle broken RPM packages to prevent exceptions\n causing fails on repository synchronization (bsc#1186650)\n- Maintainer field in debian packages are only recommended (bsc#1186508)\n\n\nThis update was imported from the SUSE:SLE-15:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1162", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1162-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1162-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2SW3762PL7VO3NVHZJOSVYMKION77NYI/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1162-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2SW3762PL7VO3NVHZJOSVYMKION77NYI/", }, { category: "self", summary: "SUSE Bug 1175478", url: "https://bugzilla.suse.com/1175478", }, { category: "self", summary: "SUSE Bug 1186242", url: "https://bugzilla.suse.com/1186242", }, { category: "self", summary: "SUSE Bug 1186508", url: "https://bugzilla.suse.com/1186508", }, { category: "self", summary: "SUSE Bug 1186581", url: "https://bugzilla.suse.com/1186581", }, { category: "self", summary: "SUSE Bug 1186650", url: "https://bugzilla.suse.com/1186650", }, { category: "self", summary: "SUSE Bug 1188846", url: "https://bugzilla.suse.com/1188846", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, { category: "self", summary: "SUSE CVE CVE-2021-29622 page", url: "https://www.suse.com/security/cve/CVE-2021-29622/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2021-08-17T10:06:47Z", generator: { date: "2021-08-17T10:06:47Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1162-1", initial_release_date: "2021-08-17T10:06:47Z", revision_history: [ { date: "2021-08-17T10:06:47Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ansible-2.9.21-lp152.2.7.1.noarch", product: { name: "ansible-2.9.21-lp152.2.7.1.noarch", product_id: "ansible-2.9.21-lp152.2.7.1.noarch", }, }, { category: "product_version", name: "ansible-doc-2.9.21-lp152.2.7.1.noarch", product: { name: "ansible-doc-2.9.21-lp152.2.7.1.noarch", product_id: "ansible-doc-2.9.21-lp152.2.7.1.noarch", }, }, { category: "product_version", name: "ansible-test-2.9.21-lp152.2.7.1.noarch", product: { name: "ansible-test-2.9.21-lp152.2.7.1.noarch", product_id: "ansible-test-2.9.21-lp152.2.7.1.noarch", }, }, { category: "product_version", name: "dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", product: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", product_id: "dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", product: { name: "golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", product_id: "golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ansible-2.9.21-lp152.2.7.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", }, product_reference: "ansible-2.9.21-lp152.2.7.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "ansible-doc-2.9.21-lp152.2.7.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", }, product_reference: "ansible-doc-2.9.21-lp152.2.7.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "ansible-test-2.9.21-lp152.2.7.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", }, product_reference: "ansible-test-2.9.21-lp152.2.7.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", }, product_reference: "dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-17T10:06:47Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-17T10:06:47Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-17T10:06:47Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-17T10:06:47Z", details: "important", }, ], title: "CVE-2021-28148", }, { cve: "CVE-2021-29622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-29622", }, ], notes: [ { category: "general", text: "Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-29622", url: "https://www.suse.com/security/cve/CVE-2021-29622", }, { category: "external", summary: "SUSE Bug 1186242 for CVE-2021-29622", url: "https://bugzilla.suse.com/1186242", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.2:ansible-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-doc-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:ansible-test-2.9.21-lp152.2.7.1.noarch", "openSUSE Leap 15.2:dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1.noarch", "openSUSE Leap 15.2:golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-17T10:06:47Z", details: "moderate", }, ], title: "CVE-2021-29622", }, ], }
opensuse-su-2021:2662-1
Vulnerability from csaf_opensuse
Published
2021-08-12 10:02
Modified
2021-08-12 10:02
Summary
Security update for grafana
Notes
Title of the patch
Security update for grafana
Description of the patch
This update for grafana fixes the following issues:
- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)
- Update to version 7.5.7:
* Updated relref to 'Configuring exemplars' section (#34240) (#34243)
* Added exemplar topic (#34147) (#34226)
* Quota: Do not count folders towards dashboard quota (#32519) (#34025)
* Instructions to separate emails with semicolons (#32499) (#34138)
* Docs: Remove documentation of v8 generic OAuth feature (#34018)
* Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
* [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
* ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
* Stop hoisting @icons/material (#33922)
* Chore: fix react-color version in yarn.lock (#33914)
* 'Release: Updated versions in package to 7.5.6' (#33909)
* Loki: fix label browser crashing when + typed (#33900) (#33901)
* Document `hide_version` flag (#33670) (#33881)
* Add isolation level db configuration parameter (#33830) (#33878)
* Sanitize PromLink button (#33874) (#33876)
* Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)
* Docs feedback: /administration/provisioning.md (#33804) (#33842)
* Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)
* Docs: Update _index.md (#33797) (#33799)
* Docs: Update installation.md (#33656) (#33703)
* GraphNG: uPlot 1.6.9 (#33598) (#33612)
* dont consider invalid email address a failed email (#33671) (#33681)
* InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)
* add template for dashboard url parameters (#33549) (#33588)
* Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)
* Update team.md (#33454) (#33536)
* Removed duplicate file 'dashboard_folder_permissions.md (#33497)
* Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)
* ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)
* Documentation: Update developer-guide.md (#33478) (#33490)
* add closed parenthesis to fix a hyperlink (#33471) (#33481)
- Update to version 7.5.5:
* 'Release: Updated versions in package to 7.5.5' (#33469)
* GraphNG: Fix exemplars window position (#33427) (#33462)
* Remove field limitation from slack notification (#33113) (#33455)
* Prometheus: Support POST in template variables (#33321) (#33441)
* Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)
* Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)
* Docs: Removed type from find annotations example. (#33399) (#33403)
* [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)
* Updated label for add panel. (#33285) (#33286)
* Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)
* Docs: Sync latest master docs with 7.5.x (#33156)
* Docs: Update getting-started-influxdb.md (#33234) (#33241)
* Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)
* Minor Changes in Auditing.md (#31435) (#33238)
* Docs: Add license check endpoint doc (#32987) (#33236)
* Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)
* Docs: InfluxDB doc improvements (#32815) (#33185)
* [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)
* update cla (#33181)
* Fix inefficient regular expression (#33155) (#33159)
* Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)
* Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)
* Update team.md (#33060) (#33084)
* GE issue 1268 (#33049) (#33081)
* Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)
* Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)
* Docs: Replace next with latest in aliases (#33054) (#33059)
* Added missing link item. (#33052) (#33055)
* Backport 33034 (#33038)
* Docs: Backport 32916 to v7.5x (#33008)
* ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)
* Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)
* Docs: Sync release branch with latest docs (#32986)
- Update to version 7.5.4:
* 'Release: Updated versions in package to 7.5.4' (#32971)
* fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)
* Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)
* fix sqlite3 tx retry condition operator precedence (#32897) (#32952)
* AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)
* Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)
* GraphNG: uPlot 1.6.8 (#32859) (#32863)
* Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)
* Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)
* [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)
* TablePanel: Makes sorting case-insensitive (#32435) (#32752)
- Update to version 7.5.3:
* 'Release: Updated versions in package to 7.5.3' (#32745)
* FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)
* Loki: Remove empty annotations tags (#32359) (#32490)
* SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)
* Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)
* Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)
* Variables: Confirms selection before opening new picker (#32586) (#32710)
* CloudWarch: Fix service quotas link (#32686) (#32689)
* Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)
* chore: bump execa to v2.1.0 (#32543) (#32592)
* Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)
* Fix broken gtime tests (#32582) (#32587)
* resolve conflicts (#32567)
* gtime: Make ParseInterval deterministic (#32539) (#32560)
* Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)
* TextboxVariable: Limits the length of the preview value (#32472) (#32530)
* AdHocVariable: Adds default data source (#32470) (#32476)
* Variables: Fixes Unsupported data format error for null values (#32480) (#32487)
* Prometheus: align exemplars check to latest api change (#32513) (#32515)
* 'Release: Updated versions in package to 7.5.2' (#32502)
* SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)
* Set spanNulls to default (#32471) (#32486)
* Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)
* API: Return 409 on datasource version conflict (#32425) (#32433)
* API: Return 400 on invalid Annotation requests (#32429) (#32431)
* Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)
* Table: Fixes so links work for image cells (#32370) (#32410)
* Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)
* DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)
* API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)
* 'Release: Updated versions in package to 7.5.1' (#32362)
* MSSQL: Upgrade go-mssqldb (#32347) (#32361)
* GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)
* 'Release: Updated versions in package to 7.5.0' (#32308)
* Loki: Fix text search in Label browser (#32293) (#32306)
* Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)
* PieChartV2: Add migration from old piechart (#32259) (#32291)
* LibraryPanels: Adds Type and Description to DB (#32258) (#32288)
* LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)
* Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)
* LibraryPanels: Changes to non readonly reducer (#32193) (#32200)
* Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)
* SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)
* DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)
* Logs: If log message missing, use empty string (#32080) (#32243)
* CloudWatch: Use latest version of aws sdk (#32217) (#32223)
* Release: Updated versions in package to 7.5.0-beta.2 (#32158)
* HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)
* GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)
* Fix loading timezone info on windows (#32029) (#32149)
* SQLStore: Close session in withDbSession (#31775) (#32108)
* Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)
* GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)
* MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)
* Backport 32005 to v7.5.x #32128 (#32130)
* Loki: Label browser UI updates (#31737) (#32119)
* ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)
* GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)
* LibraryPanels: Improves the Get All experience (#32028) (#32093)
* Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)
* Exemplars: always query exemplars (#31673) (#32024)
* [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)
* Chore: Collect elasticsearch version usage stats (#31787) (#32063)
* Chore: Tidy up Go deps (#32053)
* GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)
* Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)
* [v7.5.x] Auth: Allow soft token revocation (#32037)
* Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)
* Make master green (#32011) (#32015)
* Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)
* Variables: Fixes filtering in picker with null items (#31979) (#31995)
* TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)
* Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)
* Loki: Fix type errors in language_provider (#31902) (#31945)
* PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)
* Cloudwatch: use shared library for aws auth (#29550) (#31946)
* Tooltip: partial perf improvement (#31774) (#31837) (#31957)
* Backport 31913 to v7.5.x (#31955)
* Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)
* Variables: Do not reset description on variable type change (#31933) (#31939)
* [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)
* Elasticseach: Support histogram fields (#29079) (#31914)
* Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)
* Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)
* Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)
* [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)
* Run go mod tidy to update go.mod and go.sum (#31859)
* Grafana/ui: display all selected levels for Cascader (#31729) (#31862)
* CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)
* Cloudwatch: ListMetrics API page limit (#31788) (#31851)
* Remove invalid attribute (#31848) (#31850)
* CloudWatch: Restrict auth provider and assume role usage according to… (#31845)
* CloudWatch: Add support for EC2 IAM role (#31804) (#31841)
* Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)
* Variables: Improves inspection performance and unknown filtering (#31811) (#31813)
* Change piechart plugin state to beta (#31797) (#31798)
* ReduceTransform: Include series with numeric string names (#31763) (#31794)
* Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)
* Fix escaping in ANSI and dynamic button removal (#31731) (#31767)
* DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)
* log skipped, performed and duration for migrations (#31722) (#31754)
* Search: Make items more compact (#31734) (#31750)
* loki_datasource: add documentation to label_format and line_format (#31710) (#31746)
* Tempo: Convert tempo to backend data source2 (#31733)
* Elasticsearch: Fix script fields in query editor (#31681) (#31727)
* Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)
* Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)
* Tempo: set authentication header properly (#31699) (#31701)
* Tempo: convert to backend data source (#31618) (#31695)
* Update package.json (#31672)
* Release: Bump version to 7.5.0-beta.1 (#31664)
* Fix whatsNewUrl version to 7.5 (#31666)
* Chore: add alias for what's new 7.5 (#31669)
* Docs: Update doc for PostgreSQL authentication (#31434)
* Docs: document report template variables (#31637)
* AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)
* Color: Fixes issue where colors where reset to gray when switch panels (#31611)
* Live: Use pure WebSocket transport (#31630)
* Docs: Fix broken image link (#31661)
* Docs: Add Whats new in 7.5 (#31659)
* Docs: Fix links for 7.5 (#31658)
* Update enterprise-configuration.md (#31656)
* Explore/Logs: Escaping of incorrectly escaped log lines (#31352)
* Tracing: Small improvements to trace types (#31646)
* Update _index.md (#31645)
* AlertingNG: code refactoring (#30787)
* Remove pkill gpg-agent (#31169)
* Remove format for plugin routes (#31633)
* Library Panels: Change unsaved change detection logic (#31477)
* CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)
* add new metrics and dimensions (#31595)
* fix devenv dashboard content typo (#31583)
* DashList: Sort starred and searched dashboard alphabetically (#31605)
* Docs: Update whats-new-in-v7-4.md (#31612)
* SSE: Add 'Classic Condition' on backend (#31511)
* InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)
* Alerting: PagerDuty: adding current state to the payload (#29270)
* devenv: Fix typo (#31589)
* Loki: Label browser (#30351)
* LibraryPanels: No save modal when user is on same dashboard (#31606)
* Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)
* Update node-graph.md (#31571)
* test: pass Cypress options objects into selector wrappers (#31567)
* Loki: Add support for alerting (#31424)
* Tracing: Specify type of the data frame that is expected for TraceView (#31465)
* LibraryPanels: Adds version column (#31590)
* PieChart: Add color changing options to pie chart (#31588)
* Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)
* Bring back correct legend sizing afer PlotLegend refactor (#31582)
* Alerting: Fix bug in Discord for when name for metric value is absent (#31257)
* LibraryPanels: Deletes library panels during folder deletion (#31572)
* chore: bump lodash to 4.17.21 (#31549)
* Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)
* TestData: Fixes never ending annotations scenario (#31573)
* CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)
* propagate plugin unavailable message to UI (#31560)
* ConfirmButton: updates story from knobs to controls (#31476)
* Loki: Refactor line limit to use grafana/ui component (#31509)
* LibraryPanels: Adds folder checks and permissions (#31473)
* Add guide on custom option editors (#31254)
* PieChart: Update text color and minor changes (#31546)
* Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)
* Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)
* PieChart: Improve piechart legend and options (#31446)
* Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)
* Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)
* Add multiselect options ui (#31501)
* Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)
* Variables: Fixes error with: cannot read property length of undefined (#31458)
* Explore: Show ANSI colored logs in logs context (#31510)
* LogsPanel: Show all received logs (#31505)
* AddPanel: Design polish (#31484)
* TimeSeriesPanel: Remove unnecessary margin from legend (#31467)
* influxdb: flux: handle is-hidden (#31324)
* Graph: Fix tooltip not showing when close to the edge of viewport (#31493)
* FolderPicker: Remove useNewForms from FolderPicker (#31485)
* Add reportVariables feature toggle (#31469)
* Grafana datasource: support multiple targets (#31495)
* Update license-restrictions.md (#31488)
* Docs: Derived fields links in logs detail view (#31482)
* Docs: Add new data source links to Enterprise page (#31480)
* Convert annotations to dataframes (#31400)
* ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)
* GrafanaUI: Fixes typescript error for missing css prop (#31479)
* Login: handle custom token creation error messages (#31283)
* Library Panels: Don't list current panel in available panels list (#31472)
* DashboardSettings: Migrate Link Settings to React (#31150)
* Frontend changes for library panels feature (#30653)
* Alerting notifier SensuGo: improvements in default message (#31428)
* AppPlugins: Options to disable showing config page in nav (#31354)
* add aws config (#31464)
* Heatmap: Fix missing/wrong value in heatmap legend (#31430)
* Chore: Fixes small typos (#31461)
* Graphite/SSE: update graphite to work with server side expressions (#31455)
* update the lastest version to 7.4.3 (#31457)
* ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)
* AWS: Add aws plugin configuration (#31312)
* Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)
* Remove UserSyncInfo.tsx (#31450)
* Elasticsearch: Add word highlighting to search results (#30293)
* Chore: Fix eslint react hook warnings in grafana-ui (#31092)
* CloudWatch: Make it possible to specify custom api endpoint (#31402)
* Chore: fixed incorrect naming for disable settings (#31448)
* TraceViewer: Fix show log marker in spanbar (#30742)
* LibraryPanels: Adds permissions to getAllHandler (#31416)
* NamedColorsPalette: updates story from knobs to controls (#31443)
* 'Release: Updated versions in package to 7.4.3' (#31444)
* ColorPicker: updates story from knobs to controls (#31429)
* Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)
* ClipboardButton: updates story from knobs to controls (#31422)
* we should never log unhashed tokens (#31432)
* CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)
* Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)
* Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)
* CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)
* TraceViewer: Fix trace to logs icon to show in right pane (#31414)
* add hg team as migrations code owners (#31420)
* Remove tidy-check script (#31423)
* InfluxDB: handle columns named 'table' (#30985)
* Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)
* Devenv: Add gdev-influxdb2 data source (#31250)
* Update grabpl from 0.5.38 to 0.5.42 version (#31419)
* Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)
* remove squadcast details from docs (#31413)
* Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)
* Logging: add frontend logging helpers to @grafana/runtime package (#30482)
* CallToActionCard: updates story from knobs to controls (#31393)
* Add eu-south-1 cloudwatch region, closes #31197 (#31198)
* Chore: Upgrade eslint packages (#31408)
* Cascader: updates story from knobs to controls (#31399)
* addressed issues 28763 and 30314. (#31404)
* Added section Query a time series database by id (#31337)
* Prometheus: Change default httpMethod for new instances to POST (#31292)
* Data source list: Use Card component (#31326)
* Chore: Remove gotest.tools dependency (#31391)
* Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)
* Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)
* AdHocVariables: Fixes crash when values are stored as numbers (#31382)
* Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)
* Chore: Fix strict errors, down to 416 (#31365)
* Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)
* StoryBook: Introduces Grafana Controls (#31351)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)
* Theming: Support for runtime theme switching and hooks for custom themes (#31301)
* Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)
* Zipkin: Show success on test data source (#30829)
* Update grot template (needs more info) (#31350)
* DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)
* TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)
* Grafana/UI: Add basic legend to the PieChart (#31278)
* SAML: single logout only enabled in enterprise (#31325)
* QueryEditor: handle query.hide changes in angular based query-editors (#31336)
* DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)
* LibraryPanels: Syncs panel title with name (#31311)
* Chore: Upgrade golangci-lint (#31330)
* Add info to docs about concurrent session limits (#31333)
* Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)
* BarGuage: updates story from knobs to controls (#31223)
* Docs: Clarifies how to add Key/Value pairs (#31303)
* Usagestats: Exclude folders from total dashboard count (#31320)
* ButtonCascader: updates story from knobs to controls (#31288)
* test: allow check for Table as well as Graph for Explore e2e flow (#31290)
* Grafana-UI: Update tooltip type (#31310)
* fix 7.4.2 release note (#31299)
* Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)
* Chore: reduce strict errors for variables (#31241)
* update latest release version (#31296)
* ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)
* Correct name of Discord notifier tests (#31277)
* Docs: Clarifies custom date formats for variables (#31271)
* BigValue: updates story from knobs to controls (#31240)
* Docs: Annotations update (#31194)
* Introduce functions for interacting with library panels API (#30993)
* Search: display sort metadata (#31167)
* Folders: Editors should be able to edit name and delete folders (#31242)
* Make Datetime local (No date if today) working (#31274)
* UsageStats: Purpose named variables (#31264)
* Snapshots: Disallow anonymous user to create snapshots (#31263)
* only update usagestats every 30min (#31131)
* Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)
* Grafana-UI: Add id to Select to make it easier to test (#31230)
* Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)
* UI/Card: Fix handling of 'onClick' callback (#31225)
* Loki: Add line limit for annotations (#31183)
* Remove deprecated and breaking loki config field (#31227)
* SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)
* LibraryPanels: Disconnect before connect during dashboard save (#31235)
* Disable Change Password for OAuth users (#27886)
* TagsInput: Design update and component refactor (#31163)
* Variables: Adds back default option for data source variable (#31208)
* IPv6: Support host address configured with enclosing square brackets (#31226)
* Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)
* GraphNG: refactor core to class component (#30941)
* Remove last synchronisation field from LDAP debug view (#30984)
* Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)
* Graph: Make axes unit option work even when field option unit is set (#31205)
* AlertingNG: Test definition (#30886)
* Docs: Update Influx config options (#31146)
* WIP: Skip this call when we skip migrations (#31216)
* use 0.1.0 (#31215)
* DataSourceSrv: Filter out non queryable data sources by default (#31144)
* QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)
* Chore: report eslint no-explicit-any errors to metrics (#31182)
* Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)
* Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)
* Alerting: Fix modal text for deleting obsolete notifier (#31171)
* Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)
* Variables: Fixes missing empty elements from regex filters (#31156)
* StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)
* Fixed the typo. (#31189)
* Docs: Rewrite preferences docs (#31154)
* Explore/Refactor: Simplify URL handling (#29173)
* DashboardLinks: Fixes links always cause full page reload (#31178)
* Replace PR with Commit truncated hash when build fails (#31177)
* Alert: update story to use controls (#31145)
* Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)
* CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)
* Update prometheus.md (#31173)
* Variables: Extend option pickers to accept custom onChange callback (#30913)
* Prometheus: Multiply exemplars timestamp to follow api change (#31143)
* DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)
* Add author name and pr number in drone pipeline notifications (#31124)
* Prometheus: Add documentation for ad-hoc filters (#31122)
* DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)
* Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)
* Chore: Update latest.json (#31139)
* Docs: add 7.4.1 relese notes link (#31137)
* PieChart: Progress on new core pie chart (#28020)
* ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)
* Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)
* Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)
* MuxWriter: Handle error for already closed file (#31119)
* Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)
* Search: add sort information in dashboard results (#30609)
* area/grafana/e2e: ginstall should pull version specified (#31056)
* Exemplars: Change CTA style (#30880)
* Influx: Make max series limit configurable and show the limiting message if applied (#31025)
* Docs: request security (#30937)
* update configurePanel for 7.4.0 changes (#31093)
* Elasticsearch: fix log row context erroring out (#31088)
* Prometheus: Fix issues with ad-hoc filters (#30931)
* LogsPanel: Add deduplication option for logs (#31019)
* Drone: Make sure CDN upload is ok before pushing docker images (#31075)
* PluginManager: Remove some global state (#31081)
* test: update addDashboard flow for v7.4.0 changes (#31059)
* Transformations: Fixed typo in FilterByValue transformer description. (#31078)
* Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)
* Usage stats: Adds source/distributor setting (#31039)
* CDN: Add CDN upload step to enterprise and release pipelines (#31058)
* Chore: Replace native select with grafana ui select (#31030)
* Docs: Update json-model.md (#31066)
* Docs: Update whats-new-in-v7-4.md (#31069)
* Added hyperlinks to Graphite documentation (#31064)
* DashboardSettings: Update to new form styles (#31022)
* CDN: Fixing drone CI config (#31052)
* convert path to posix by default (#31045)
* DashboardLinks: Fixes crash when link has no title (#31008)
* Alerting: Fixes so notification channels are properly deleted (#31040)
* Explore: Remove emotion error when displaying logs (#31026)
* Elasticsearch: Fix alias field value not being shown in query editor (#30992)
* CDN: Adds uppload to CDN step to drone CI (#30879)
* Improved glossary (#31004)
* BarGauge: Improvements to value sizing and table inner width calculations (#30990)
* Drone: Fix deployment image (#31027)
* ColorPicker: migrated styles from sass to emotion (#30909)
* Dashboard: Migrate general settings to react (#30914)
* Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)
* Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)
* Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)
* Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)
* Graph: Fixes so graph is shown for non numeric time values (#30972)
* CloudMonitoring: Prevent resource type variable function from crashing (#30901)
* Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)
* Build: Releases e2e and e2e-selectors too (#31006)
* TextPanel: Fixes so panel title is updated when variables change (#30884)
* Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)
* instrumentation: make the first database histogram bucket smaller (#30995)
* Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)
* StatPanel: Fixes issue formatting date values using unit option (#30979)
* Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)
* Units: Fixes formatting of duration units (#30982)
* Elasticsearch: Show Size setting for raw_data metric (#30980)
* Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)
* make sure service and slo display name is passed to segment comp (#30900)
* assign changes in cloud datasources to the new cloud datasources team (#30645)
* Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)
* Theme: Use higher order theme color variables rather then is light/dark logic (#30939)
* Docs: Add alias for what's new in 7.4 (#30945)
* e2e: extends selector factory to plugins (#30932)
* Chore: Upgrade docker build image (#30820)
* Docs: updated developer guide (#29978)
* Alerts: Update Alert storybook to show more states (#30908)
* Variables: Adds queryparam formatting option (#30858)
* Chore: pad unknown values with undefined (#30808)
* Transformers: add search to transform selection (#30854)
* Exemplars: change api to reflect latest changes (#30910)
* docs: use selinux relabelling on docker containers (#27685)
* Docs: Fix bad image path for alert notification template (#30911)
* Make value mappings correctly interpret numeric-like strings (#30893)
* Chore: Update latest.json (#30905)
* Docs: Update whats-new-in-v7-4.md (#30882)
* Dashboard: Ignore changes to dashboard when the user session expires (#30897)
* ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)
* test: add support for timeout to be passed in for addDatasource (#30736)
* increase page size and make sure the cache supports query params (#30892)
* DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)
* OAuth: custom username docs (#28400)
* Panels: Remove value mapping of values that have been formatted #26763 (#30868)
* Alerting: Fixes alert panel header icon not showing (#30840)
* AlertingNG: Edit Alert Definition (#30676)
* Logging: sourcemap support for frontend stacktraces (#30590)
* Added 'Restart Grafana' topic. (#30844)
* Docs: Org, Team, and User Admin (#30756)
* bump grabpl version to 0.5.36 (#30874)
* Plugins: Requests validator (#30445)
* Docs: Update whats-new-in-v7-4.md (#30876)
* Docs: Add server view folder (#30849)
* Fixed image name and path (#30871)
* Grafana-ui: fixes closing modals with escape key (#30745)
* InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)
* TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)
* Chart/Tooltip: refactored style declaration (#30824)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)
* Grafana-ui: fixes no data message in Table component (#30821)
* grafana/ui: Update pagination component for large number of pages (#30151)
* Alerting: Customise OK notification priorities for Pushover notifier (#30169)
* DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)
* Chore: Remove panelTime.html, closes #30097 (#30842)
* Docs: Time series panel, bar alignment docs (#30780)
* Chore: add more docs annotations (#30847)
* Transforms: allow boolean in field calculations (#30802)
* Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)
* Update prometheus.md with image link fix (#30833)
* BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)
* Update license-expiration.md (#30839)
* Explore rewrite (#30804)
* Prometheus: Set type of labels to string (#30831)
* GrafanaUI: Add a way to persistently close InfoBox (#30716)
* Fix typo in transformer registry (#30712)
* Elasticsearch: Display errors with text responses (#30122)
* CDN: Fixes cdn path when Grafana is under sub path (#30822)
* TraceViewer: Fix lazy loading (#30700)
* FormField: migrated sass styling to emotion (#30392)
* AlertingNG: change API permissions (#30781)
* Variables: Clears drop down state when leaving dashboard (#30810)
* Grafana-UI: Add story/docs for ErrorBoundary (#30304)
* Add missing callback dependency (#30797)
* PanelLibrary: Adds library panel meta information to dashboard json (#30770)
* Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)
* Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)
* GraphNG: improve behavior when switching between solid/dash/dots (#30796)
* Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)
* Add width for Variable Editors (#30791)
* Chore: Remove warning when calling resource (#30752)
* Auth: Use SigV4 lib from grafana-aws-sdk (#30713)
* Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)
* GraphNG: add bar alignment option (#30499)
* Expressions: Measure total transformation requests and elapsed time (#30514)
* Menu: Mark menu components as internal (#30740)
* TableInputCSV: migrated styles from sass to emotion (#30554)
* CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)
* Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)
* CDN: Adds support for serving assets over a CDN (#30691)
* PanelEdit: Trigger refresh when changing data source (#30744)
* Chore: remove __debug_bin (#30725)
* BarChart: add alpha bar chart panel (#30323)
* Docs: Time series panel (#30690)
* Backend Plugins: Convert test data source to use SDK contracts (#29916)
* Docs: Update whats-new-in-v7-4.md (#30747)
* Add link to Elasticsearch docs. (#30748)
* Mobile: Fixes issue scrolling on mobile in chrome (#30746)
* TagsInput: Make placeholder configurable (#30718)
* Docs: Add config settings for fonts in reporting (#30421)
* Add menu.yaml to .gitignore (#30743)
* bump cypress to 6.3.0 (#30644)
* Datasource: Use json-iterator configuration compatible with standard library (#30732)
* AlertingNG: Update UX to use new PageToolbar component (#30680)
* Docs: Add usage insights export feature (#30376)
* skip symlinks to directories when generating plugin manifest (#30721)
* PluginCiE2E: Upgrade base images (#30696)
* Variables: Fixes so text format will show All instead of custom all (#30730)
* PanelLibrary: better handling of deleted panels (#30709)
* Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)
* Added 'curated dashboards' information and broke down, rearranged topics. (#30659)
* Transform: improve the 'outer join' performance/behavior (#30407)
* Add alt text to plugin logos (#30710)
* Deleted menu.yaml file (#30717)
* Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)
* Added entry for web server. (#30715)
* DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)
* Use connected GraphNG in Explore (#30707)
* Fix documentation for streaming data sources (#30704)
* PanelLibrary: changes casing of responses and adds meta property (#30668)
* Influx: Show all datapoints for dynamically windowed flux query (#30688)
* Trace: trace to logs design update (#30637)
* DeployImage: Switch base images to Debian (#30684)
* Chore: remove CSP debug logging line (#30689)
* Docs: 7.4 documentation for expressions (#30524)
* PanelEdit: Get rid of last remaining usage of navbar-button (#30682)
* Grafana-UI: Fix setting default value for MultiSelect (#30671)
* CustomScrollbar: migrated styles from sass to emotion (#30506)
* DashboardSettings & PanelEdit: Use new PageToolbar (#30675)
* Explore: Fix jumpy live tailing (#30650)
* ci(npm-publish): add missing github package token to env vars (#30665)
* PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)
* AlertingNG: pause/unpause definitions via the API (#30627)
* Docs: Refer to product docs in whats new for alerting templating feature (#30652)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)
* Variables: Fixes display value when using capture groups in regex (#30636)
* Docs: Update _index.md (#30655)
* Docs: Auditing updates (#30433)
* Docs: add hidden_users configuration field (#30435)
* Docs: Define TLS/SSL terminology (#30533)
* Docs: Fix expressions enabled description (#30589)
* Docs: Update ES screenshots (#30598)
* Licensing Docs: Adding license restrictions docs (#30216)
* Update documentation-style-guide.md (#30611)
* Docs: Update queries.md (#30616)
* chore(grafana-ui): bump storybook to 6.1.15 (#30642)
* DashboardSettings: fixes vertical scrolling (#30640)
* Usage Stats: Remove unused method for getting user stats (#30074)
* Grafana/UI: Unit picker should not set a category as unit (#30638)
* Graph: Fixes auto decimals issue in legend and tooltip (#30628)
* AlertingNG: List saved Alert definitions in Alert Rule list (#30603)
* chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)
* Grafana/UI: Add disable prop to Segment (#30539)
* Variables: Fixes so queries work for numbers values too (#30602)
* Admin: Fixes so form values are filled in from backend (#30544)
* Docs: Add new override info and add whats new 7.4 links (#30615)
* TestData: Improve what's new in v7.4 (#30612)
* Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)
* NodeGraph: Add docs (#30504)
* Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)
* TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)
* Update styling.md guide (#30594)
* TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)
* Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)
* Chore(deps): Bump github.com/prometheus/client_golang (#30585)
* Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)
* Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)
* Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)
* RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)
* Add documentation for Exemplars (#30317)
* OldGraph: Fix height issue in Firefox (#30565)
* XY Chart: fix editor error with empty frame (no fields) (#30573)
* ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)
* XY Chart: share legend config with timeseries (#30559)
* configuration.md: Document Content Security Policy options (#30413)
* DataFrame: cache frame/field index in field state (#30529)
* List + before -; rm old Git ref; reformat. (#30543)
* Expressions: Add option to disable feature (#30541)
* Explore: Fix loading visualisation on the top of the new time series panel (#30553)
* Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)
* Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)
* Postgres: Convert tests to stdlib (#30536)
* Storybook: Migrate card story to use controls (#30535)
* AlertingNG: Enable UI to Save Alert Definitions (#30394)
* Postgres: Be consistent about TLS/SSL terminology (#30532)
* Loki: Append refId to logs uid (#30418)
* Postgres: Fix indentation (#30531)
* GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)
* updates for e2e docker image (#30465)
* GraphNG: uPlot 1.6.2 (#30521)
* Docs: Update whats-new-in-v7-4.md (#30520)
* Prettier: ignore build and devenv dirs (#30501)
* Chore: Upgrade grabpl version (#30486)
* Explore: Update styling of buttons (#30493)
* Cloud Monitoring: Fix legend naming with display name override (#30440)
* GraphNG: Disable Plot logging by default (#30390)
* Admin: Fixes so whole org drop down is visible when adding users to org (#30481)
* Docs: include Makefile option for local assets (#30455)
* Footer: Fixes layout issue in footer (#30443)
* TimeSeriesPanel: Fixed default value for gradientMode (#30484)
* Docs: fix typo in what's new doc (#30489)
* Chore: adds wait to e2e test (#30488)
* chore: update packages dependent on dot-prop to fix security vulnerability (#30432)
* Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)
* Chore: fix spelling mistake (#30473)
* Chore: Restrict internal imports from other packages (#30453)
* Docs: What's new fixes and improvements (#30469)
* Timeseries: only migrage point size when configured (#30461)
* Alerting: Hides threshold handle for percentual thresholds (#30431)
* Graph: Fixes so only users with correct permissions can add annotations (#30419)
* Chore: update latest version to 7.4.0-beta1 (#30452)
* Docs: Add whats new 7.4 links (#30463)
* Update whats-new-in-v7-4.md (#30460)
* docs: 7.4 what's new (Add expressions note) (#30446)
* Chore: Upgrade build pipeline tool (#30456)
* PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)
* Expressions: Fix button icon (#30444)
* ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)
* Docs: Fix img link for alert notification template (#30436)
* grafana/ui: Fix internal import from grafana/data (#30439)
* prevent field config from being overwritten (#30437)
* PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)
* Dashboard: Remove template variables option from ShareModal (#30395)
* Added doc content for variables inspector code change by Hugo (#30408)
* Docs: update license expiration behavior for reporting (#30420)
* Chore: use old version format in package.json (#30430)
* Chore: upgrade NPM security vulnerabilities (#30397)
* 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)
* contribute: Add backend and configuration guidelines for PRs (#30426)
* Chore: Update what's new URL (#30424)
- Update to version 7.4.5
- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)
- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)
- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)
Patchnames
openSUSE-SLE-15.3-2021-2662
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\n- CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803)\n- Update to version 7.5.7:\n * Updated relref to 'Configuring exemplars' section (#34240) (#34243)\n * Added exemplar topic (#34147) (#34226)\n * Quota: Do not count folders towards dashboard quota (#32519) (#34025)\n * Instructions to separate emails with semicolons (#32499) (#34138)\n * Docs: Remove documentation of v8 generic OAuth feature (#34018)\n * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)\n * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)\n * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)\n * Stop hoisting @icons/material (#33922)\n * Chore: fix react-color version in yarn.lock (#33914)\n * 'Release: Updated versions in package to 7.5.6' (#33909)\n * Loki: fix label browser crashing when + typed (#33900) (#33901)\n * Document `hide_version` flag (#33670) (#33881)\n * Add isolation level db configuration parameter (#33830) (#33878)\n * Sanitize PromLink button (#33874) (#33876)\n * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872)\n * Docs feedback: /administration/provisioning.md (#33804) (#33842)\n * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851)\n * Docs: Update _index.md (#33797) (#33799)\n * Docs: Update installation.md (#33656) (#33703)\n * GraphNG: uPlot 1.6.9 (#33598) (#33612)\n * dont consider invalid email address a failed email (#33671) (#33681)\n * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625)\n * add template for dashboard url parameters (#33549) (#33588)\n * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586)\n * Update team.md (#33454) (#33536)\n * Removed duplicate file 'dashboard_folder_permissions.md (#33497)\n * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495)\n * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492)\n * Documentation: Update developer-guide.md (#33478) (#33490)\n * add closed parenthesis to fix a hyperlink (#33471) (#33481)\n\n- Update to version 7.5.5:\n * 'Release: Updated versions in package to 7.5.5' (#33469)\n * GraphNG: Fix exemplars window position (#33427) (#33462)\n * Remove field limitation from slack notification (#33113) (#33455)\n * Prometheus: Support POST in template variables (#33321) (#33441)\n * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409)\n * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406)\n * Docs: Removed type from find annotations example. (#33399) (#33403)\n * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255)\n * Updated label for add panel. (#33285) (#33286)\n * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248)\n * Docs: Sync latest master docs with 7.5.x (#33156)\n * Docs: Update getting-started-influxdb.md (#33234) (#33241)\n * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239)\n * Minor Changes in Auditing.md (#31435) (#33238)\n * Docs: Add license check endpoint doc (#32987) (#33236)\n * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219)\n * Docs: InfluxDB doc improvements (#32815) (#33185)\n * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031)\n * update cla (#33181)\n * Fix inefficient regular expression (#33155) (#33159)\n * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136)\n * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128)\n * Update team.md (#33060) (#33084)\n * GE issue 1268 (#33049) (#33081)\n * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079)\n * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061)\n * Docs: Replace next with latest in aliases (#33054) (#33059)\n * Added missing link item. (#33052) (#33055)\n * Backport 33034 (#33038)\n * Docs: Backport 32916 to v7.5x (#33008)\n * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998)\n * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996)\n * Docs: Sync release branch with latest docs (#32986)\n\n- Update to version 7.5.4:\n * 'Release: Updated versions in package to 7.5.4' (#32971)\n * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967)\n * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968)\n * fix sqlite3 tx retry condition operator precedence (#32897) (#32952)\n * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947)\n * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945)\n * GraphNG: uPlot 1.6.8 (#32859) (#32863)\n * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844)\n * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804)\n * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758)\n * TablePanel: Makes sorting case-insensitive (#32435) (#32752)\n\n- Update to version 7.5.3:\n * 'Release: Updated versions in package to 7.5.3' (#32745)\n * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741)\n * Loki: Remove empty annotations tags (#32359) (#32490)\n * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739)\n * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726)\n * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714)\n * Variables: Confirms selection before opening new picker (#32586) (#32710)\n * CloudWarch: Fix service quotas link (#32686) (#32689)\n * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598)\n * chore: bump execa to v2.1.0 (#32543) (#32592)\n * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558)\n * Fix broken gtime tests (#32582) (#32587)\n * resolve conflicts (#32567)\n * gtime: Make ParseInterval deterministic (#32539) (#32560)\n * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535)\n * TextboxVariable: Limits the length of the preview value (#32472) (#32530)\n * AdHocVariable: Adds default data source (#32470) (#32476)\n * Variables: Fixes Unsupported data format error for null values (#32480) (#32487)\n * Prometheus: align exemplars check to latest api change (#32513) (#32515)\n * 'Release: Updated versions in package to 7.5.2' (#32502)\n * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488)\n * Set spanNulls to default (#32471) (#32486)\n * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442)\n * API: Return 409 on datasource version conflict (#32425) (#32433)\n * API: Return 400 on invalid Annotation requests (#32429) (#32431)\n * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424)\n * Table: Fixes so links work for image cells (#32370) (#32410)\n * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394)\n * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395)\n * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397)\n * 'Release: Updated versions in package to 7.5.1' (#32362)\n * MSSQL: Upgrade go-mssqldb (#32347) (#32361)\n * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348)\n * 'Release: Updated versions in package to 7.5.0' (#32308)\n * Loki: Fix text search in Label browser (#32293) (#32306)\n * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299)\n * PieChartV2: Add migration from old piechart (#32259) (#32291)\n * LibraryPanels: Adds Type and Description to DB (#32258) (#32288)\n * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284)\n * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281)\n * LibraryPanels: Changes to non readonly reducer (#32193) (#32200)\n * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262)\n * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102)\n * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247)\n * Logs: If log message missing, use empty string (#32080) (#32243)\n * CloudWatch: Use latest version of aws sdk (#32217) (#32223)\n * Release: Updated versions in package to 7.5.0-beta.2 (#32158)\n * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154)\n * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151)\n * Fix loading timezone info on windows (#32029) (#32149)\n * SQLStore: Close session in withDbSession (#31775) (#32108)\n * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148)\n * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125)\n * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144)\n * Backport 32005 to v7.5.x #32128 (#32130)\n * Loki: Label browser UI updates (#31737) (#32119)\n * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929)\n * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103)\n * LibraryPanels: Improves the Get All experience (#32028) (#32093)\n * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032)\n * Exemplars: always query exemplars (#31673) (#32024)\n * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055)\n * Chore: Collect elasticsearch version usage stats (#31787) (#32063)\n * Chore: Tidy up Go deps (#32053)\n * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066)\n * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060)\n * [v7.5.x] Auth: Allow soft token revocation (#32037)\n * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036)\n * Make master green (#32011) (#32015)\n * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982)\n * Variables: Fixes filtering in picker with null items (#31979) (#31995)\n * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003)\n * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987)\n * Loki: Fix type errors in language_provider (#31902) (#31945)\n * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977)\n * Cloudwatch: use shared library for aws auth (#29550) (#31946)\n * Tooltip: partial perf improvement (#31774) (#31837) (#31957)\n * Backport 31913 to v7.5.x (#31955)\n * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938)\n * Variables: Do not reset description on variable type change (#31933) (#31939)\n * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894)\n * Elasticseach: Support histogram fields (#29079) (#31914)\n * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896)\n * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891)\n * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801)\n * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882)\n * Run go mod tidy to update go.mod and go.sum (#31859)\n * Grafana/ui: display all selected levels for Cascader (#31729) (#31862)\n * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861)\n * Cloudwatch: ListMetrics API page limit (#31788) (#31851)\n * Remove invalid attribute (#31848) (#31850)\n * CloudWatch: Restrict auth provider and assume role usage according to… (#31845)\n * CloudWatch: Add support for EC2 IAM role (#31804) (#31841)\n * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819)\n * Variables: Improves inspection performance and unknown filtering (#31811) (#31813)\n * Change piechart plugin state to beta (#31797) (#31798)\n * ReduceTransform: Include series with numeric string names (#31763) (#31794)\n * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769)\n * Fix escaping in ANSI and dynamic button removal (#31731) (#31767)\n * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718)\n * log skipped, performed and duration for migrations (#31722) (#31754)\n * Search: Make items more compact (#31734) (#31750)\n * loki_datasource: add documentation to label_format and line_format (#31710) (#31746)\n * Tempo: Convert tempo to backend data source2 (#31733)\n * Elasticsearch: Fix script fields in query editor (#31681) (#31727)\n * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717)\n * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675)\n * Tempo: set authentication header properly (#31699) (#31701)\n * Tempo: convert to backend data source (#31618) (#31695)\n * Update package.json (#31672)\n * Release: Bump version to 7.5.0-beta.1 (#31664)\n * Fix whatsNewUrl version to 7.5 (#31666)\n * Chore: add alias for what's new 7.5 (#31669)\n * Docs: Update doc for PostgreSQL authentication (#31434)\n * Docs: document report template variables (#31637)\n * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633)\n * Color: Fixes issue where colors where reset to gray when switch panels (#31611)\n * Live: Use pure WebSocket transport (#31630)\n * Docs: Fix broken image link (#31661)\n * Docs: Add Whats new in 7.5 (#31659)\n * Docs: Fix links for 7.5 (#31658)\n * Update enterprise-configuration.md (#31656)\n * Explore/Logs: Escaping of incorrectly escaped log lines (#31352)\n * Tracing: Small improvements to trace types (#31646)\n * Update _index.md (#31645)\n * AlertingNG: code refactoring (#30787)\n * Remove pkill gpg-agent (#31169)\n * Remove format for plugin routes (#31633)\n * Library Panels: Change unsaved change detection logic (#31477)\n * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624)\n * add new metrics and dimensions (#31595)\n * fix devenv dashboard content typo (#31583)\n * DashList: Sort starred and searched dashboard alphabetically (#31605)\n * Docs: Update whats-new-in-v7-4.md (#31612)\n * SSE: Add 'Classic Condition' on backend (#31511)\n * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259)\n * Alerting: PagerDuty: adding current state to the payload (#29270)\n * devenv: Fix typo (#31589)\n * Loki: Label browser (#30351)\n * LibraryPanels: No save modal when user is on same dashboard (#31606)\n * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603)\n * Update node-graph.md (#31571)\n * test: pass Cypress options objects into selector wrappers (#31567)\n * Loki: Add support for alerting (#31424)\n * Tracing: Specify type of the data frame that is expected for TraceView (#31465)\n * LibraryPanels: Adds version column (#31590)\n * PieChart: Add color changing options to pie chart (#31588)\n * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558)\n * Bring back correct legend sizing afer PlotLegend refactor (#31582)\n * Alerting: Fix bug in Discord for when name for metric value is absent (#31257)\n * LibraryPanels: Deletes library panels during folder deletion (#31572)\n * chore: bump lodash to 4.17.21 (#31549)\n * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518)\n * TestData: Fixes never ending annotations scenario (#31573)\n * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498)\n * propagate plugin unavailable message to UI (#31560)\n * ConfirmButton: updates story from knobs to controls (#31476)\n * Loki: Refactor line limit to use grafana/ui component (#31509)\n * LibraryPanels: Adds folder checks and permissions (#31473)\n * Add guide on custom option editors (#31254)\n * PieChart: Update text color and minor changes (#31546)\n * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036)\n * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210)\n * PieChart: Improve piechart legend and options (#31446)\n * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538)\n * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539)\n * Add multiselect options ui (#31501)\n * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516)\n * Variables: Fixes error with: cannot read property length of undefined (#31458)\n * Explore: Show ANSI colored logs in logs context (#31510)\n * LogsPanel: Show all received logs (#31505)\n * AddPanel: Design polish (#31484)\n * TimeSeriesPanel: Remove unnecessary margin from legend (#31467)\n * influxdb: flux: handle is-hidden (#31324)\n * Graph: Fix tooltip not showing when close to the edge of viewport (#31493)\n * FolderPicker: Remove useNewForms from FolderPicker (#31485)\n * Add reportVariables feature toggle (#31469)\n * Grafana datasource: support multiple targets (#31495)\n * Update license-restrictions.md (#31488)\n * Docs: Derived fields links in logs detail view (#31482)\n * Docs: Add new data source links to Enterprise page (#31480)\n * Convert annotations to dataframes (#31400)\n * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475)\n * GrafanaUI: Fixes typescript error for missing css prop (#31479)\n * Login: handle custom token creation error messages (#31283)\n * Library Panels: Don't list current panel in available panels list (#31472)\n * DashboardSettings: Migrate Link Settings to React (#31150)\n * Frontend changes for library panels feature (#30653)\n * Alerting notifier SensuGo: improvements in default message (#31428)\n * AppPlugins: Options to disable showing config page in nav (#31354)\n * add aws config (#31464)\n * Heatmap: Fix missing/wrong value in heatmap legend (#31430)\n * Chore: Fixes small typos (#31461)\n * Graphite/SSE: update graphite to work with server side expressions (#31455)\n * update the lastest version to 7.4.3 (#31457)\n * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454)\n * AWS: Add aws plugin configuration (#31312)\n * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452)\n * Remove UserSyncInfo.tsx (#31450)\n * Elasticsearch: Add word highlighting to search results (#30293)\n * Chore: Fix eslint react hook warnings in grafana-ui (#31092)\n * CloudWatch: Make it possible to specify custom api endpoint (#31402)\n * Chore: fixed incorrect naming for disable settings (#31448)\n * TraceViewer: Fix show log marker in spanbar (#30742)\n * LibraryPanels: Adds permissions to getAllHandler (#31416)\n * NamedColorsPalette: updates story from knobs to controls (#31443)\n * 'Release: Updated versions in package to 7.4.3' (#31444)\n * ColorPicker: updates story from knobs to controls (#31429)\n * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431)\n * ClipboardButton: updates story from knobs to controls (#31422)\n * we should never log unhashed tokens (#31432)\n * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407)\n * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322)\n * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353)\n * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362)\n * TraceViewer: Fix trace to logs icon to show in right pane (#31414)\n * add hg team as migrations code owners (#31420)\n * Remove tidy-check script (#31423)\n * InfluxDB: handle columns named 'table' (#30985)\n * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401)\n * Devenv: Add gdev-influxdb2 data source (#31250)\n * Update grabpl from 0.5.38 to 0.5.42 version (#31419)\n * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421)\n * remove squadcast details from docs (#31413)\n * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297)\n * Logging: add frontend logging helpers to @grafana/runtime package (#30482)\n * CallToActionCard: updates story from knobs to controls (#31393)\n * Add eu-south-1 cloudwatch region, closes #31197 (#31198)\n * Chore: Upgrade eslint packages (#31408)\n * Cascader: updates story from knobs to controls (#31399)\n * addressed issues 28763 and 30314. (#31404)\n * Added section Query a time series database by id (#31337)\n * Prometheus: Change default httpMethod for new instances to POST (#31292)\n * Data source list: Use Card component (#31326)\n * Chore: Remove gotest.tools dependency (#31391)\n * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388)\n * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387)\n * AdHocVariables: Fixes crash when values are stored as numbers (#31382)\n * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379)\n * Chore: Fix strict errors, down to 416 (#31365)\n * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378)\n * StoryBook: Introduces Grafana Controls (#31351)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313)\n * Theming: Support for runtime theme switching and hooks for custom themes (#31301)\n * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282)\n * Zipkin: Show success on test data source (#30829)\n * Update grot template (needs more info) (#31350)\n * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347)\n * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332)\n * Grafana/UI: Add basic legend to the PieChart (#31278)\n * SAML: single logout only enabled in enterprise (#31325)\n * QueryEditor: handle query.hide changes in angular based query-editors (#31336)\n * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334)\n * LibraryPanels: Syncs panel title with name (#31311)\n * Chore: Upgrade golangci-lint (#31330)\n * Add info to docs about concurrent session limits (#31333)\n * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316)\n * BarGuage: updates story from knobs to controls (#31223)\n * Docs: Clarifies how to add Key/Value pairs (#31303)\n * Usagestats: Exclude folders from total dashboard count (#31320)\n * ButtonCascader: updates story from knobs to controls (#31288)\n * test: allow check for Table as well as Graph for Explore e2e flow (#31290)\n * Grafana-UI: Update tooltip type (#31310)\n * fix 7.4.2 release note (#31299)\n * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285)\n * Chore: reduce strict errors for variables (#31241)\n * update latest release version (#31296)\n * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291)\n * Correct name of Discord notifier tests (#31277)\n * Docs: Clarifies custom date formats for variables (#31271)\n * BigValue: updates story from knobs to controls (#31240)\n * Docs: Annotations update (#31194)\n * Introduce functions for interacting with library panels API (#30993)\n * Search: display sort metadata (#31167)\n * Folders: Editors should be able to edit name and delete folders (#31242)\n * Make Datetime local (No date if today) working (#31274)\n * UsageStats: Purpose named variables (#31264)\n * Snapshots: Disallow anonymous user to create snapshots (#31263)\n * only update usagestats every 30min (#31131)\n * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701)\n * Grafana-UI: Add id to Select to make it easier to test (#31230)\n * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055)\n * UI/Card: Fix handling of 'onClick' callback (#31225)\n * Loki: Add line limit for annotations (#31183)\n * Remove deprecated and breaking loki config field (#31227)\n * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236)\n * LibraryPanels: Disconnect before connect during dashboard save (#31235)\n * Disable Change Password for OAuth users (#27886)\n * TagsInput: Design update and component refactor (#31163)\n * Variables: Adds back default option for data source variable (#31208)\n * IPv6: Support host address configured with enclosing square brackets (#31226)\n * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179)\n * GraphNG: refactor core to class component (#30941)\n * Remove last synchronisation field from LDAP debug view (#30984)\n * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975)\n * Graph: Make axes unit option work even when field option unit is set (#31205)\n * AlertingNG: Test definition (#30886)\n * Docs: Update Influx config options (#31146)\n * WIP: Skip this call when we skip migrations (#31216)\n * use 0.1.0 (#31215)\n * DataSourceSrv: Filter out non queryable data sources by default (#31144)\n * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193)\n * Chore: report eslint no-explicit-any errors to metrics (#31182)\n * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211)\n * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773)\n * Alerting: Fix modal text for deleting obsolete notifier (#31171)\n * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204)\n * Variables: Fixes missing empty elements from regex filters (#31156)\n * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126)\n * Fixed the typo. (#31189)\n * Docs: Rewrite preferences docs (#31154)\n * Explore/Refactor: Simplify URL handling (#29173)\n * DashboardLinks: Fixes links always cause full page reload (#31178)\n * Replace PR with Commit truncated hash when build fails (#31177)\n * Alert: update story to use controls (#31145)\n * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132)\n * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172)\n * Update prometheus.md (#31173)\n * Variables: Extend option pickers to accept custom onChange callback (#30913)\n * Prometheus: Multiply exemplars timestamp to follow api change (#31143)\n * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160)\n * Add author name and pr number in drone pipeline notifications (#31124)\n * Prometheus: Add documentation for ad-hoc filters (#31122)\n * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135)\n * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079)\n * Chore: Update latest.json (#31139)\n * Docs: add 7.4.1 relese notes link (#31137)\n * PieChart: Progress on new core pie chart (#28020)\n * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133)\n * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989)\n * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121)\n * MuxWriter: Handle error for already closed file (#31119)\n * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115)\n * Search: add sort information in dashboard results (#30609)\n * area/grafana/e2e: ginstall should pull version specified (#31056)\n * Exemplars: Change CTA style (#30880)\n * Influx: Make max series limit configurable and show the limiting message if applied (#31025)\n * Docs: request security (#30937)\n * update configurePanel for 7.4.0 changes (#31093)\n * Elasticsearch: fix log row context erroring out (#31088)\n * Prometheus: Fix issues with ad-hoc filters (#30931)\n * LogsPanel: Add deduplication option for logs (#31019)\n * Drone: Make sure CDN upload is ok before pushing docker images (#31075)\n * PluginManager: Remove some global state (#31081)\n * test: update addDashboard flow for v7.4.0 changes (#31059)\n * Transformations: Fixed typo in FilterByValue transformer description. (#31078)\n * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074)\n * Usage stats: Adds source/distributor setting (#31039)\n * CDN: Add CDN upload step to enterprise and release pipelines (#31058)\n * Chore: Replace native select with grafana ui select (#31030)\n * Docs: Update json-model.md (#31066)\n * Docs: Update whats-new-in-v7-4.md (#31069)\n * Added hyperlinks to Graphite documentation (#31064)\n * DashboardSettings: Update to new form styles (#31022)\n * CDN: Fixing drone CI config (#31052)\n * convert path to posix by default (#31045)\n * DashboardLinks: Fixes crash when link has no title (#31008)\n * Alerting: Fixes so notification channels are properly deleted (#31040)\n * Explore: Remove emotion error when displaying logs (#31026)\n * Elasticsearch: Fix alias field value not being shown in query editor (#30992)\n * CDN: Adds uppload to CDN step to drone CI (#30879)\n * Improved glossary (#31004)\n * BarGauge: Improvements to value sizing and table inner width calculations (#30990)\n * Drone: Fix deployment image (#31027)\n * ColorPicker: migrated styles from sass to emotion (#30909)\n * Dashboard: Migrate general settings to react (#30914)\n * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018)\n * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966)\n * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017)\n * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013)\n * Graph: Fixes so graph is shown for non numeric time values (#30972)\n * CloudMonitoring: Prevent resource type variable function from crashing (#30901)\n * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971)\n * Build: Releases e2e and e2e-selectors too (#31006)\n * TextPanel: Fixes so panel title is updated when variables change (#30884)\n * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000)\n * instrumentation: make the first database histogram bucket smaller (#30995)\n * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988)\n * StatPanel: Fixes issue formatting date values using unit option (#30979)\n * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973)\n * Units: Fixes formatting of duration units (#30982)\n * Elasticsearch: Show Size setting for raw_data metric (#30980)\n * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935)\n * make sure service and slo display name is passed to segment comp (#30900)\n * assign changes in cloud datasources to the new cloud datasources team (#30645)\n * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927)\n * Theme: Use higher order theme color variables rather then is light/dark logic (#30939)\n * Docs: Add alias for what's new in 7.4 (#30945)\n * e2e: extends selector factory to plugins (#30932)\n * Chore: Upgrade docker build image (#30820)\n * Docs: updated developer guide (#29978)\n * Alerts: Update Alert storybook to show more states (#30908)\n * Variables: Adds queryparam formatting option (#30858)\n * Chore: pad unknown values with undefined (#30808)\n * Transformers: add search to transform selection (#30854)\n * Exemplars: change api to reflect latest changes (#30910)\n * docs: use selinux relabelling on docker containers (#27685)\n * Docs: Fix bad image path for alert notification template (#30911)\n * Make value mappings correctly interpret numeric-like strings (#30893)\n * Chore: Update latest.json (#30905)\n * Docs: Update whats-new-in-v7-4.md (#30882)\n * Dashboard: Ignore changes to dashboard when the user session expires (#30897)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902)\n * test: add support for timeout to be passed in for addDatasource (#30736)\n * increase page size and make sure the cache supports query params (#30892)\n * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891)\n * OAuth: custom username docs (#28400)\n * Panels: Remove value mapping of values that have been formatted #26763 (#30868)\n * Alerting: Fixes alert panel header icon not showing (#30840)\n * AlertingNG: Edit Alert Definition (#30676)\n * Logging: sourcemap support for frontend stacktraces (#30590)\n * Added 'Restart Grafana' topic. (#30844)\n * Docs: Org, Team, and User Admin (#30756)\n * bump grabpl version to 0.5.36 (#30874)\n * Plugins: Requests validator (#30445)\n * Docs: Update whats-new-in-v7-4.md (#30876)\n * Docs: Add server view folder (#30849)\n * Fixed image name and path (#30871)\n * Grafana-ui: fixes closing modals with escape key (#30745)\n * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827)\n * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861)\n * Chart/Tooltip: refactored style declaration (#30824)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853)\n * Grafana-ui: fixes no data message in Table component (#30821)\n * grafana/ui: Update pagination component for large number of pages (#30151)\n * Alerting: Customise OK notification priorities for Pushover notifier (#30169)\n * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569)\n * Chore: Remove panelTime.html, closes #30097 (#30842)\n * Docs: Time series panel, bar alignment docs (#30780)\n * Chore: add more docs annotations (#30847)\n * Transforms: allow boolean in field calculations (#30802)\n * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825)\n * Update prometheus.md with image link fix (#30833)\n * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806)\n * Update license-expiration.md (#30839)\n * Explore rewrite (#30804)\n * Prometheus: Set type of labels to string (#30831)\n * GrafanaUI: Add a way to persistently close InfoBox (#30716)\n * Fix typo in transformer registry (#30712)\n * Elasticsearch: Display errors with text responses (#30122)\n * CDN: Fixes cdn path when Grafana is under sub path (#30822)\n * TraceViewer: Fix lazy loading (#30700)\n * FormField: migrated sass styling to emotion (#30392)\n * AlertingNG: change API permissions (#30781)\n * Variables: Clears drop down state when leaving dashboard (#30810)\n * Grafana-UI: Add story/docs for ErrorBoundary (#30304)\n * Add missing callback dependency (#30797)\n * PanelLibrary: Adds library panel meta information to dashboard json (#30770)\n * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343)\n * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771)\n * GraphNG: improve behavior when switching between solid/dash/dots (#30796)\n * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778)\n * Add width for Variable Editors (#30791)\n * Chore: Remove warning when calling resource (#30752)\n * Auth: Use SigV4 lib from grafana-aws-sdk (#30713)\n * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784)\n * GraphNG: add bar alignment option (#30499)\n * Expressions: Measure total transformation requests and elapsed time (#30514)\n * Menu: Mark menu components as internal (#30740)\n * TableInputCSV: migrated styles from sass to emotion (#30554)\n * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777)\n * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772)\n * CDN: Adds support for serving assets over a CDN (#30691)\n * PanelEdit: Trigger refresh when changing data source (#30744)\n * Chore: remove __debug_bin (#30725)\n * BarChart: add alpha bar chart panel (#30323)\n * Docs: Time series panel (#30690)\n * Backend Plugins: Convert test data source to use SDK contracts (#29916)\n * Docs: Update whats-new-in-v7-4.md (#30747)\n * Add link to Elasticsearch docs. (#30748)\n * Mobile: Fixes issue scrolling on mobile in chrome (#30746)\n * TagsInput: Make placeholder configurable (#30718)\n * Docs: Add config settings for fonts in reporting (#30421)\n * Add menu.yaml to .gitignore (#30743)\n * bump cypress to 6.3.0 (#30644)\n * Datasource: Use json-iterator configuration compatible with standard library (#30732)\n * AlertingNG: Update UX to use new PageToolbar component (#30680)\n * Docs: Add usage insights export feature (#30376)\n * skip symlinks to directories when generating plugin manifest (#30721)\n * PluginCiE2E: Upgrade base images (#30696)\n * Variables: Fixes so text format will show All instead of custom all (#30730)\n * PanelLibrary: better handling of deleted panels (#30709)\n * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724)\n * Added 'curated dashboards' information and broke down, rearranged topics. (#30659)\n * Transform: improve the 'outer join' performance/behavior (#30407)\n * Add alt text to plugin logos (#30710)\n * Deleted menu.yaml file (#30717)\n * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000)\n * Added entry for web server. (#30715)\n * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706)\n * Use connected GraphNG in Explore (#30707)\n * Fix documentation for streaming data sources (#30704)\n * PanelLibrary: changes casing of responses and adds meta property (#30668)\n * Influx: Show all datapoints for dynamically windowed flux query (#30688)\n * Trace: trace to logs design update (#30637)\n * DeployImage: Switch base images to Debian (#30684)\n * Chore: remove CSP debug logging line (#30689)\n * Docs: 7.4 documentation for expressions (#30524)\n * PanelEdit: Get rid of last remaining usage of navbar-button (#30682)\n * Grafana-UI: Fix setting default value for MultiSelect (#30671)\n * CustomScrollbar: migrated styles from sass to emotion (#30506)\n * DashboardSettings & PanelEdit: Use new PageToolbar (#30675)\n * Explore: Fix jumpy live tailing (#30650)\n * ci(npm-publish): add missing github package token to env vars (#30665)\n * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588)\n * AlertingNG: pause/unpause definitions via the API (#30627)\n * Docs: Refer to product docs in whats new for alerting templating feature (#30652)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666)\n * Variables: Fixes display value when using capture groups in regex (#30636)\n * Docs: Update _index.md (#30655)\n * Docs: Auditing updates (#30433)\n * Docs: add hidden_users configuration field (#30435)\n * Docs: Define TLS/SSL terminology (#30533)\n * Docs: Fix expressions enabled description (#30589)\n * Docs: Update ES screenshots (#30598)\n * Licensing Docs: Adding license restrictions docs (#30216)\n * Update documentation-style-guide.md (#30611)\n * Docs: Update queries.md (#30616)\n * chore(grafana-ui): bump storybook to 6.1.15 (#30642)\n * DashboardSettings: fixes vertical scrolling (#30640)\n * Usage Stats: Remove unused method for getting user stats (#30074)\n * Grafana/UI: Unit picker should not set a category as unit (#30638)\n * Graph: Fixes auto decimals issue in legend and tooltip (#30628)\n * AlertingNG: List saved Alert definitions in Alert Rule list (#30603)\n * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605)\n * Grafana/UI: Add disable prop to Segment (#30539)\n * Variables: Fixes so queries work for numbers values too (#30602)\n * Admin: Fixes so form values are filled in from backend (#30544)\n * Docs: Add new override info and add whats new 7.4 links (#30615)\n * TestData: Improve what's new in v7.4 (#30612)\n * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502)\n * NodeGraph: Add docs (#30504)\n * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517)\n * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570)\n * Update styling.md guide (#30594)\n * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568)\n * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583)\n * Chore(deps): Bump github.com/prometheus/client_golang (#30585)\n * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587)\n * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584)\n * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572)\n * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474)\n * Add documentation for Exemplars (#30317)\n * OldGraph: Fix height issue in Firefox (#30565)\n * XY Chart: fix editor error with empty frame (no fields) (#30573)\n * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510)\n * XY Chart: share legend config with timeseries (#30559)\n * configuration.md: Document Content Security Policy options (#30413)\n * DataFrame: cache frame/field index in field state (#30529)\n * List + before -; rm old Git ref; reformat. (#30543)\n * Expressions: Add option to disable feature (#30541)\n * Explore: Fix loading visualisation on the top of the new time series panel (#30553)\n * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511)\n * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519)\n * Postgres: Convert tests to stdlib (#30536)\n * Storybook: Migrate card story to use controls (#30535)\n * AlertingNG: Enable UI to Save Alert Definitions (#30394)\n * Postgres: Be consistent about TLS/SSL terminology (#30532)\n * Loki: Append refId to logs uid (#30418)\n * Postgres: Fix indentation (#30531)\n * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527)\n * updates for e2e docker image (#30465)\n * GraphNG: uPlot 1.6.2 (#30521)\n * Docs: Update whats-new-in-v7-4.md (#30520)\n * Prettier: ignore build and devenv dirs (#30501)\n * Chore: Upgrade grabpl version (#30486)\n * Explore: Update styling of buttons (#30493)\n * Cloud Monitoring: Fix legend naming with display name override (#30440)\n * GraphNG: Disable Plot logging by default (#30390)\n * Admin: Fixes so whole org drop down is visible when adding users to org (#30481)\n * Docs: include Makefile option for local assets (#30455)\n * Footer: Fixes layout issue in footer (#30443)\n * TimeSeriesPanel: Fixed default value for gradientMode (#30484)\n * Docs: fix typo in what's new doc (#30489)\n * Chore: adds wait to e2e test (#30488)\n * chore: update packages dependent on dot-prop to fix security vulnerability (#30432)\n * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480)\n * Chore: fix spelling mistake (#30473)\n * Chore: Restrict internal imports from other packages (#30453)\n * Docs: What's new fixes and improvements (#30469)\n * Timeseries: only migrage point size when configured (#30461)\n * Alerting: Hides threshold handle for percentual thresholds (#30431)\n * Graph: Fixes so only users with correct permissions can add annotations (#30419)\n * Chore: update latest version to 7.4.0-beta1 (#30452)\n * Docs: Add whats new 7.4 links (#30463)\n * Update whats-new-in-v7-4.md (#30460)\n * docs: 7.4 what's new (Add expressions note) (#30446)\n * Chore: Upgrade build pipeline tool (#30456)\n * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441)\n * Expressions: Fix button icon (#30444)\n * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449)\n * Docs: Fix img link for alert notification template (#30436)\n * grafana/ui: Fix internal import from grafana/data (#30439)\n * prevent field config from being overwritten (#30437)\n * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389)\n * Dashboard: Remove template variables option from ShareModal (#30395)\n * Added doc content for variables inspector code change by Hugo (#30408)\n * Docs: update license expiration behavior for reporting (#30420)\n * Chore: use old version format in package.json (#30430)\n * Chore: upgrade NPM security vulnerabilities (#30397)\n * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428)\n * contribute: Add backend and configuration guidelines for PRs (#30426)\n * Chore: Update what's new URL (#30424)\n- Update to version 7.4.5\n- CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809)\n- CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813)\n- CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2021-2662", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2662-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:2662-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CQXNKFCX2C74T7LPZZCRD6GK2WWJTT4B/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:2662-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CQXNKFCX2C74T7LPZZCRD6GK2WWJTT4B/", }, { category: "self", summary: "SUSE Bug 1183803", url: "https://bugzilla.suse.com/1183803", }, { category: "self", summary: "SUSE Bug 1183809", url: "https://bugzilla.suse.com/1183809", }, { category: "self", summary: "SUSE Bug 1183811", url: "https://bugzilla.suse.com/1183811", }, { category: "self", summary: "SUSE Bug 1183813", url: "https://bugzilla.suse.com/1183813", }, { category: "self", summary: "SUSE Bug 1184371", url: "https://bugzilla.suse.com/1184371", }, { category: "self", summary: "SUSE CVE CVE-2021-27358 page", url: "https://www.suse.com/security/cve/CVE-2021-27358/", }, { category: "self", summary: "SUSE CVE CVE-2021-27962 page", url: "https://www.suse.com/security/cve/CVE-2021-27962/", }, { category: "self", summary: "SUSE CVE CVE-2021-28146 page", url: "https://www.suse.com/security/cve/CVE-2021-28146/", }, { category: "self", summary: "SUSE CVE CVE-2021-28147 page", url: "https://www.suse.com/security/cve/CVE-2021-28147/", }, { category: "self", summary: "SUSE CVE CVE-2021-28148 page", url: "https://www.suse.com/security/cve/CVE-2021-28148/", }, ], title: "Security update for grafana", tracking: { current_release_date: "2021-08-12T10:02:06Z", generator: { date: "2021-08-12T10:02:06Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:2662-1", initial_release_date: "2021-08-12T10:02:06Z", revision_history: [ { date: "2021-08-12T10:02:06Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-7.5.7-3.12.1.aarch64", product: { name: "grafana-7.5.7-3.12.1.aarch64", product_id: "grafana-7.5.7-3.12.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-3.12.1.ppc64le", product: { name: "grafana-7.5.7-3.12.1.ppc64le", product_id: "grafana-7.5.7-3.12.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-3.12.1.s390x", product: { name: "grafana-7.5.7-3.12.1.s390x", product_id: "grafana-7.5.7-3.12.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-7.5.7-3.12.1.x86_64", product: { name: "grafana-7.5.7-3.12.1.x86_64", product_id: "grafana-7.5.7-3.12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-3.12.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", }, product_reference: "grafana-7.5.7-3.12.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-3.12.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", }, product_reference: "grafana-7.5.7-3.12.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-3.12.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", }, product_reference: "grafana-7.5.7-3.12.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-7.5.7-3.12.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", }, product_reference: "grafana-7.5.7-3.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27358", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27358", }, ], notes: [ { category: "general", text: "The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27358", url: "https://www.suse.com/security/cve/CVE-2021-27358", }, { category: "external", summary: "SUSE Bug 1183803 for CVE-2021-27358", url: "https://bugzilla.suse.com/1183803", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:02:06Z", details: "important", }, ], title: "CVE-2021-27358", }, { cve: "CVE-2021-27962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-27962", }, ], notes: [ { category: "general", text: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-27962", url: "https://www.suse.com/security/cve/CVE-2021-27962", }, { category: "external", summary: "SUSE Bug 1184371 for CVE-2021-27962", url: "https://bugzilla.suse.com/1184371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:02:06Z", details: "moderate", }, ], title: "CVE-2021-27962", }, { cve: "CVE-2021-28146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28146", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28146", url: "https://www.suse.com/security/cve/CVE-2021-28146", }, { category: "external", summary: "SUSE Bug 1183811 for CVE-2021-28146", url: "https://bugzilla.suse.com/1183811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:02:06Z", details: "moderate", }, ], title: "CVE-2021-28146", }, { cve: "CVE-2021-28147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28147", }, ], notes: [ { category: "general", text: "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28147", url: "https://www.suse.com/security/cve/CVE-2021-28147", }, { category: "external", summary: "SUSE Bug 1183809 for CVE-2021-28147", url: "https://bugzilla.suse.com/1183809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:02:06Z", details: "moderate", }, ], title: "CVE-2021-28147", }, { cve: "CVE-2021-28148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-28148", }, ], notes: [ { category: "general", text: "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-28148", url: "https://www.suse.com/security/cve/CVE-2021-28148", }, { category: "external", summary: "SUSE Bug 1183813 for CVE-2021-28148", url: "https://bugzilla.suse.com/1183813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.aarch64", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.ppc64le", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.s390x", "openSUSE Leap 15.3:grafana-7.5.7-3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-08-12T10:02:06Z", details: "important", }, ], title: "CVE-2021-28148", }, ], }
ghsa-6858-383c-7xhr
Vulnerability from github
Published
2022-05-24 17:45
Modified
2022-07-13 00:01
Severity ?
Details
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
{ affected: [], aliases: [ "CVE-2021-27962", ], database_specific: { cwe_ids: [ "CWE-732", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-03-22T14:15:00Z", severity: "HIGH", }, details: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", id: "GHSA-6858-383c-7xhr", modified: "2022-07-13T00:01:14Z", published: "2022-05-24T17:45:02Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-27962", }, { type: "WEB", url: "https://community.grafana.com", }, { type: "WEB", url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { type: "WEB", url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { type: "WEB", url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise", }, { type: "WEB", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", type: "CVSS_V3", }, ], }
fkie_cve-2021-27962
Vulnerability from fkie_nvd
Published
2021-03-22 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9E9735BD-3047-4AB2-96A8-B7C982CF3B60", versionEndExcluding: "7.3.10", versionStartIncluding: "7.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "7CFD90C0-68A4-40F8-82FF-4B161A38C378", versionEndExcluding: "7.4.5", versionStartIncluding: "7.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", }, { lang: "es", value: "Grafana Enterprise versiones 7.2.x y 7.3.x anteriores a 7.3.10 y versiones 7.4.x anteriores a 7.4.5, permite a un editor de tablero omitir una comprobación de permisos relacionada con una fuente de datos a la que no debería poder ser capaz de acceder", }, ], id: "CVE-2021-27962", lastModified: "2024-11-21T05:58:55.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-22T14:15:14.023", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.grafana.com", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.grafana.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2021-27962
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-27962", description: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", id: "GSD-2021-27962", references: [ "https://www.suse.com/security/cve/CVE-2021-27962.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-27962", ], details: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", id: "GSD-2021-27962", modified: "2023-12-13T01:23:35.557153Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27962", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://community.grafana.com/t/release-notes-v6-7-x/27119", refsource: "MISC", url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { name: "https://community.grafana.com", refsource: "MISC", url: "https://community.grafana.com", }, { name: "http://www.openwall.com/lists/oss-security/2021/03/19/5", refsource: "CONFIRM", url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { name: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", refsource: "CONFIRM", url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { name: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", refsource: "MISC", url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", refsource: "MISC", url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], }, source: { discovery: "INTERNAL", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*", cpe_name: [], versionEndExcluding: "7.4.5", versionStartIncluding: "7.4.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*", cpe_name: [], versionEndExcluding: "7.3.10", versionStartIncluding: "7.2.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27962", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-732", }, ], }, ], }, references: { reference_data: [ { name: "http://www.openwall.com/lists/oss-security/2021/03/19/5", refsource: "CONFIRM", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/03/19/5", }, { name: "https://community.grafana.com", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://community.grafana.com", }, { name: "https://community.grafana.com/t/release-notes-v6-7-x/27119", refsource: "MISC", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/release-notes-v6-7-x/27119", }, { name: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", refsource: "MISC", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724", }, { name: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", refsource: "CONFIRM", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/", }, { name: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", refsource: "MISC", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, }, }, lastModifiedDate: "2021-03-29T13:59Z", publishedDate: "2021-03-22T14:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.