Vulnerability from csaf_suse
Published
2023-03-20 15:32
Modified
2023-03-20 15:32
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
dracut-saltboot:
- Update to verion 0.1.1674034019.a93ff61
* Install copied wicked config as client.xml (bsc#1205599)
- Update to version 0.1.1673279145.e7616bd
grafana:
- CVE-2022-46146: Fix basic authentication bypass by updating the exporter
toolkit to version 0.7.3 (bsc#1208065,)
- CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
- Update to version 8.5.20:
* CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749)
* CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue
(bsc#1207750)
* Security: Omit error from http response
* Bug fix: Email and username trimming and invitation validation
spacecmd:
- Version 4.3.19-1
* Fix spacecmd not showing any output for softwarechannel_diff
and softwarechannel_errata_diff (bsc#1207352)
* Prevent string api parameters to be parsed as dates if not in
ISO-8601 format (bsc#1205759)
spacewalk-client-tools:
- Version 4.3.15-1
* Update translation strings
supportutils-plugin-salt:
- Update to version 1.2.2
* Remove possible passwords from Salt configuration files (bsc#1201059)
uyuni-proxy-systemd-services:
- Version 4.3.8-1
* Allow using container images from different registry paths
Patchnames
SUSE-2023-812,SUSE-SLE-Manager-Tools-15-2023-812,SUSE-SLE-Manager-Tools-For-Micro-5-2023-812,SUSE-SLE-Module-Basesystem-15-SP4-2023-812,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-812,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-812,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-812,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-812,SUSE-SLE-Product-RT-15-SP3-2023-812,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-812,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-812,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-812,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-812,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-812,SUSE-Storage-7-2023-812,SUSE-Storage-7.1-2023-812,openSUSE-SLE-15.4-2023-812
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\ndracut-saltboot:\n\n- Update to verion 0.1.1674034019.a93ff61\n * Install copied wicked config as client.xml (bsc#1205599)\n- Update to version 0.1.1673279145.e7616bd\n\ngrafana:\n\n- CVE-2022-46146: Fix basic authentication bypass by updating the exporter\n toolkit to version 0.7.3 (bsc#1208065,)\n- CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)\n- Update to version 8.5.20:\n * CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749)\n * CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue\n (bsc#1207750)\n * Security: Omit error from http response \n * Bug fix: Email and username trimming and invitation validation\n\nspacecmd:\n\n- Version 4.3.19-1\n * Fix spacecmd not showing any output for softwarechannel_diff\n and softwarechannel_errata_diff (bsc#1207352)\n * Prevent string api parameters to be parsed as dates if not in\n ISO-8601 format (bsc#1205759)\n\nspacewalk-client-tools:\n\n- Version 4.3.15-1\n * Update translation strings\n\nsupportutils-plugin-salt:\n\n- Update to version 1.2.2\n * Remove possible passwords from Salt configuration files (bsc#1201059)\n\nuyuni-proxy-systemd-services:\n\n- Version 4.3.8-1\n * Allow using container images from different registry paths\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-812,SUSE-SLE-Manager-Tools-15-2023-812,SUSE-SLE-Manager-Tools-For-Micro-5-2023-812,SUSE-SLE-Module-Basesystem-15-SP4-2023-812,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-812,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-812,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-812,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-812,SUSE-SLE-Product-RT-15-SP3-2023-812,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-812,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-812,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-812,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-812,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-812,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-812,SUSE-Storage-7-2023-812,SUSE-Storage-7.1-2023-812,openSUSE-SLE-15.4-2023-812", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0812-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:0812-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20230812-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:0812-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014098.html", }, { category: "self", summary: "SUSE Bug 1201059", url: "https://bugzilla.suse.com/1201059", }, { category: "self", summary: "SUSE Bug 1205599", url: "https://bugzilla.suse.com/1205599", }, { category: "self", summary: "SUSE Bug 1205759", url: "https://bugzilla.suse.com/1205759", }, { category: "self", summary: "SUSE Bug 1207352", url: "https://bugzilla.suse.com/1207352", }, { category: "self", summary: "SUSE Bug 1207749", url: "https://bugzilla.suse.com/1207749", }, { category: "self", summary: "SUSE Bug 1207750", url: "https://bugzilla.suse.com/1207750", }, { category: "self", summary: "SUSE Bug 1208065", url: "https://bugzilla.suse.com/1208065", }, { category: "self", summary: "SUSE Bug 1208293", url: "https://bugzilla.suse.com/1208293", }, { category: "self", summary: "SUSE CVE CVE-2022-23552 page", url: "https://www.suse.com/security/cve/CVE-2022-23552/", }, { category: "self", summary: "SUSE CVE CVE-2022-39324 page", url: "https://www.suse.com/security/cve/CVE-2022-39324/", }, { category: "self", summary: "SUSE CVE CVE-2022-41723 page", url: "https://www.suse.com/security/cve/CVE-2022-41723/", }, { category: "self", summary: "SUSE CVE CVE-2022-46146 page", url: "https://www.suse.com/security/cve/CVE-2022-46146/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2023-03-20T15:32:26Z", generator: { date: "2023-03-20T15:32:26Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:0812-1", initial_release_date: "2023-03-20T15:32:26Z", revision_history: [ { date: "2023-03-20T15:32:26Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.5.20-150000.1.42.1.aarch64", product: { name: "grafana-8.5.20-150000.1.42.1.aarch64", product_id: "grafana-8.5.20-150000.1.42.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.5.20-150000.1.42.1.i586", product: { name: "grafana-8.5.20-150000.1.42.1.i586", product_id: "grafana-8.5.20-150000.1.42.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", product: { name: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", product_id: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", product: { name: "python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", product_id: "python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", product: { name: "python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", product_id: "python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", product: { name: "python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", product_id: "python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.3.19-150000.3.95.1.noarch", product: { name: "spacecmd-4.3.19-150000.3.95.1.noarch", product_id: "spacecmd-4.3.19-150000.3.95.1.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.3.15-150000.3.77.1.noarch", product: { name: "spacewalk-check-4.3.15-150000.3.77.1.noarch", product_id: "spacewalk-check-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", product: { name: "spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", product_id: "spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", product: { name: "spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", product_id: "spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", product: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", product_id: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, }, { category: "product_version", name: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", product: { name: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", product_id: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grafana-8.5.20-150000.1.42.1.ppc64le", product: { name: "grafana-8.5.20-150000.1.42.1.ppc64le", product_id: "grafana-8.5.20-150000.1.42.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-8.5.20-150000.1.42.1.s390x", product: { name: "grafana-8.5.20-150000.1.42.1.s390x", product_id: "grafana-8.5.20-150000.1.42.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-8.5.20-150000.1.42.1.x86_64", product: { name: "grafana-8.5.20-150000.1.42.1.x86_64", product_id: "grafana-8.5.20-150000.1.42.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 15", product: { name: "SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15", }, }, { category: "product_name", name: "SUSE Manager Client Tools for SLE Micro 5", product: { name: "SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5", product_identification_helper: { cpe: "cpe:/o:suse:sle-manager-tools-micro:5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Real Time 15 SP3", product: { name: "SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle_rt:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.2", product: { name: "SUSE Manager Proxy 4.2", product_id: "SUSE Manager Proxy 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.2", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.2", product: { name: "SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.2", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", }, product_reference: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.5.20-150000.1.42.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", }, product_reference: "grafana-8.5.20-150000.1.42.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.5.20-150000.1.42.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", }, product_reference: "grafana-8.5.20-150000.1.42.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.5.20-150000.1.42.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", }, product_reference: "grafana-8.5.20-150000.1.42.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.5.20-150000.1.42.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", }, product_reference: "grafana-8.5.20-150000.1.42.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", }, product_reference: "python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", }, product_reference: "python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", }, product_reference: "python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.19-150000.3.95.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", }, product_reference: "spacecmd-4.3.19-150000.3.95.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", }, product_reference: "spacewalk-check-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", }, product_reference: "spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.3.15-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", }, product_reference: "spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", }, product_reference: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", }, product_reference: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", }, product_reference: "uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP3", product_id: "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Manager Proxy 4.2", product_id: "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.2", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", }, product_reference: "dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.19-150000.3.95.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", }, product_reference: "spacecmd-4.3.19-150000.3.95.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23552", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-23552", url: "https://www.suse.com/security/cve/CVE-2022-23552", }, { category: "external", summary: "SUSE Bug 1207749 for CVE-2022-23552", url: "https://bugzilla.suse.com/1207749", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-20T15:32:26Z", details: "important", }, ], title: "CVE-2022-23552", }, { cve: "CVE-2022-39324", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39324", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker's injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39324", url: "https://www.suse.com/security/cve/CVE-2022-39324", }, { category: "external", summary: "SUSE Bug 1207750 for CVE-2022-39324", url: "https://bugzilla.suse.com/1207750", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-20T15:32:26Z", details: "moderate", }, ], title: "CVE-2022-39324", }, { cve: "CVE-2022-41723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41723", }, ], notes: [ { category: "general", text: "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-41723", url: "https://www.suse.com/security/cve/CVE-2022-41723", }, { category: "external", summary: "SUSE Bug 1208270 for CVE-2022-41723", url: "https://bugzilla.suse.com/1208270", }, { category: "external", summary: "SUSE Bug 1215588 for CVE-2022-41723", url: "https://bugzilla.suse.com/1215588", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-20T15:32:26Z", details: "important", }, ], title: "CVE-2022-41723", }, { cve: "CVE-2022-46146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-46146", }, ], notes: [ { category: "general", text: "Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-46146", url: "https://www.suse.com/security/cve/CVE-2022-46146", }, { category: "external", summary: "SUSE Bug 1208046 for CVE-2022-46146", url: "https://bugzilla.suse.com/1208046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Enterprise Storage 7:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Real Time 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.s390x", "SUSE Manager Client Tools 15:grafana-8.5.20-150000.1.42.1.x86_64", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.3.19-150000.3.95.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.3.15-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Client Tools 15:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:uyuni-proxy-systemd-services-4.3.8-150000.1.12.1.noarch", "SUSE Manager Proxy 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "SUSE Manager Server 4.2:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", "openSUSE Leap 15.4:dracut-saltboot-0.1.1674034019.a93ff61-150000.1.47.1.noarch", "openSUSE Leap 15.4:spacecmd-4.3.19-150000.3.95.1.noarch", "openSUSE Leap 15.4:supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch", ], }, ], threats: [ { category: "impact", date: "2023-03-20T15:32:26Z", details: "important", }, ], title: "CVE-2022-46146", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.