Vulnerability from csaf_suse
Published
2023-06-21 11:42
Modified
2023-06-21 11:42
Summary
Security update for SUSE Manager Client Tools

Notes

Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:

grafana:

- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):
  * Security fixes:
    - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
    - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy
      requests (bnc#1210907)
    - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)
    - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)
    - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)
    - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)
    - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)
    - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)
    - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
    - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method (bsc#1200480)
    - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes
      ('Prototype Pollution') (bsc#1192696)
    - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)
    - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
  * Important changes:
    - Default named retention policies won't be used to query.
      Users who have a default named retention policy in their influxdb database have to rename it to something else.
      To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy
      from dropdown and save the panel/dashboard.
    - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration.
    - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role
      manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes
      to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it
      will default to false.
    - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version
      as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all
      InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior.
      In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4
      and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either:
      Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json`
      or `dashboard.json`
    - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it
      caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function
      in your tests please update your code accordingly.
    - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this
      value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.
    - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and
      `getMappedValue` function from grafana-data. See the documentation for the migration.
      This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the
      database, or error in querying the database would cause all alert rules to be unscheduled in Grafana.
      Following this change scheduled alert rules are not updated unless the query is successful.
    - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`
    - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0
      won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the
      database has changed. Although secrets created or modified with previous versions will still be decryptable by
      Grafana v9.0.
    - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to
      keep envelope encryption disabled once updating to Grafana
    - In case of need to roll back to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after any
      secret has been created or modified with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be
      enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).
    - As a final attempt to deal with issues related with the aforementioned situations, the
      `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets
      encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to
      disable envelope encryption and/or roll back to a previous version of Grafana.
      Alternatively or complementarily to all the points above, backing up the Grafana database before updating could
      be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those
      updated/created after updating to Grafana v9.0).
    - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode
      please switch to server access mode on the datasource configuration page.
    - Environment variables passed from Grafana to external Azure plugins have been renamed:
      `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`,
      `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`,
      `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`.
      There are no known plugins which were relying on these variables. Moving forward plugins should read Azure
      settings only via Grafana Azure SDK which properly handles old and new environment variables.
    - Removes support for ElasticSearch versions after their end-of-life, currently versions < 7.10.0.
      To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.
    - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally
      removed in 9.0. Deprecated queries will no longer be executed.
    - grafana/ui: Button now specifies a default type='button'.
      The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided.
      In previous versions, if the attribute was not specified for buttons associated with a `<form>` the
      default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the
      type attribute: `<Button type='submit' />`
    - The `Rename by regex` transformation has been improved to allow global patterns of the form
      `/<stringToReplace>/g`.
      Depending on the regex match used, this may cause some transformations to behave slightly differently. You can
      guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would
      become `/(.*)/`
    - `<Select />` menus will now portal to the document body by default. This is to give more consistent
      behaviour when positioning and overlaying. If you were setting `menuShouldPortal={true}` before you can safely
      remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no
      visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}`
      this will continue to prevent the menu from portalling.
    - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Cortex/Loki data source
      now expects the data source UID as a path parameter instead of the data source numeric identifier.
    - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now
      expect the data source UID as a path parameter instead of the data source numeric identifier.
    - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect
      the data source UID as a path parameter instead of the data
    - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect
      the data source UID as a path parameter instead of the data source numeric identifier.
    - The format of log messages has been updated: `lvl` is now `level`, and `eror` and `dbug` have been replaced with
      `error` and `debug`. The precision of timestamps has been increased.
      To smooth the transition, it is possible to opt out of the new log format by enabling the feature toggle
      `oldlog`.
      This option will be removed in a future minor release.
    - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more
      efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the
      separate dataframes for every labels-value. Displaying such data in explore, or in a logs-panel in the
      dashboard, will continue to work without changes, but if the data was loaded into a different dashboard-panel, or
      Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields'
      transformation with the logs data, please switch to the 'extract fields' transformation.
  * Deprecations:
    - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use
      the `go_sql_stats_*` metrics instead.
    - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when
      navigating to Explore using the deprecated format the URLs are automatically converted. If you have
      existing links pointing to Explore update them using the format generated by Explore upon navigation.
      You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as
      an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value
      pattern, for example `&left={'datasource':'test'...}`. Please be sure to check your dashboards for any
      hardcoded links to Explore and update them to the standard URL pattern.
    - Chore: Remove deprecated DataSourceAPI methods.
    - Data: Remove deprecated types and functions from valueMappings.
    - Elasticsearch: Remove browser access mode.
    - Elasticsearch: Remove support for versions after their end of the life (<7.10.0).
    - Explore: Remove support for legacy, compact format URLs.
    - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels.
    - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will
      be removed in a future release. If you need to set a different query editor for Explore, conditionally render
      based on `props.app` in your regular query editor.
  * Changes:
    - User: Fix externalUserId not being populated.
      If you used any of these components please use them from grafana/experimental from now on:
       - AccessoryButton
       - EditorFieldGroup
       - EditorHeader
       - EditorField
       - EditorRow
       - EditorList
       - EditorRows
       - EditorSwitch
       - FlexItem
       - Stack
       - InlineSelect
       - InputGroup
       - Space
    - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by
      setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashboard by adding
      `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL.
    - Logger: Enable new logging format by default.
    - Loki: Enable new visual query builder by default.
    - Plugins: Remove plugin list panel.
    - Install wrapper scripts under /usr/sbin
    - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a symlink
      for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin)
    - Chore: Upgrade typescript to 4.6.4.
Patchnames
SUSE-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2575,openSUSE-SLE-15.4-2023-2575,openSUSE-SLE-15.5-2023-2575
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for SUSE Manager Client Tools",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update fixes the following issues:\n\ngrafana:\n\n- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):\n  * Security fixes:\n    - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)\n    - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests\n      (bnc#1210907)\n    - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)\n    - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)\n    - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)\n    - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)\n    - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)\n    - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)\n    - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n    - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480)\n    - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes\n      ('Prototype Pollution') (bsc#1192696)\n    - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)\n    - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function \n  * Important changes:\n    - Default named retention policies won't be used to query.\n      Users who have a default named retention policy in their influxdb database, have to rename it to something else.\n      To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy\n      from dropdown and save the panel/dashboard.\n    - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 
'For' duration.\n    - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role\n      manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes\n      to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it\n      will default to false.\n    - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version\n      as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all\n      InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. \n      In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4\n      and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either:\n      Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` \n      or `dashboard.json`\n    - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it\n      caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function\n      in your tests please update your code accordingly.\n    - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this\n      value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.\n    - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and\n      `getMappedValue` function from grafana-data. 
See the documentation for the migration.\n      This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the\n      database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. \n      Following this change scheduled alert rules are not updated unless the query is successful.\n    - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`\n    - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0\n      won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the\n      database has changed. Although secrets created or modified with previous versions will still be decryptable by\n      Grafana v9.0.\n    - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to\n      keep envelope encryption disabled once updating to Grafana\n    - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being\n      created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled\n      to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).\n    - As a final attempt to deal with issues related with the aforementioned situations, the \n      `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets\n      encrypted with envelope encryption to legacy encryption. 
So, after running that command it should be safe to\n      disable envelope encryption and/or roll back to a previous version of Grafana.\n      Alternatively or complementarily to all the points above, backing up the Grafana database before updating could\n      be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those \n      updates/created with after updating to Grafana v9.0).\n    - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode\n      please switch to server access mode on the datasource configuration page.\n    - Environment variables passed from Grafana to external Azure plugins have been renamed:\n      `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`,\n      `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`,\n      `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`.\n      There are no known plugins which were relying on these variables. Moving forward plugins should read Azure\n      settings only via Grafana Azure SDK which properly handles old and new environment variables.\n    - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0.\n      To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.\n    - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally\n      removed in 9.0. Deprecated queries will no longer be executed.\n    - grafana/ui: Button now specifies a default type='button'.\n      The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided.\n      In previous versions, if the attribute was not specified for buttons associated with a `<form>` the\n      default value was `submit` per the specification. 
You can preserve the old behavior by explicitly setting the\n      type attribute: `<Button type='submit' />`\n    - The `Rename by regex` transformation has been improved to allow global patterns of the form \n      `/<stringToReplace>/g`.\n      Depending on the regex match used, this may cause some transformations to behave slightly differently. You can\n      guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would\n      become `/(.*)/`\n    - `<Select />` menus will now portal to the document body by default. This is to give more consistent\n      behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely \n      remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no\n      visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}`\n      this will continue to prevent the menu from portalling.\n    - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now\n      expects the data source UID as a path parameter instead of the data source numeric identifier.\n    - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now\n      expect the data source UID as a path parameter instead of the data source numeric identifier.\n    - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect\n      the data source UID as a path parameter instead of the data\n    - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect\n      the data source UID as a path parameter instead of the data source numeric identifier.\n    - The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with\n      
`error` and `debug`. The precision of timestamps has been increased.\n      To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle\n      `oldlog`.\n      This option will be removed in a future minor release.\n    - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more\n      efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the\n      separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the\n      dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or\n      Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields' \n      transformation with the logs data, please switch to the 'extract fields' transformation.\n  * Deprecations:\n    - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use \n      the `go_sql_stats_*` metrics instead.\n    - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when\n      navigating to Explore using the deprecated format the URLs are automatically converted. If you have\n      existing links pointing to Explore update them using the format generated by Explore upon navigation.\n      You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as\n      an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value\n      pattern, for example `&left={'datasource':'test'...}`. 
Please be sure to check your dashboards for any\n      hardcoded links to Explore and update them to the standard URL pattern.\n    - Chore: Remove deprecated DataSourceAPI methods.\n    - Data: Remove deprecated types and functions from valueMappings.\n    - Elasticsearch: Remove browser access mode.\n    - Elasticsearch: Remove support for versions after their end of the life (<7.10.0).\n    - Explore: Remove support for legacy, compact format URLs.\n    - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels.\n    - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will\n      be removed in a future release. If you need to set a different query editor for Explore, conditionally render\n      based on `props.app` in your regular query editor.\n  * Changes:\n    - User: Fix externalUserId not being populated.\n      If you used any of these components please use them from grafana/experimental from now on:\n       - AccessoryButton\n       - EditorFieldGroup\n       - EditorHeader\n       - EditorField\n       - EditorRow\n       - EditorList\n       - EditorRows\n       - EditorSwitch\n       - FlexItem\n       - Stack\n       - InlineSelect\n       - InputGroup\n       - Space\n    - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by\n      setting the `useLegacyHeatmapPanel` feature flag to true. 
It can be tested on a single dashbobard by adding\n      `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL.\n    - Logger: Enable new logging format by default.\n    - Loki: Enable new visual query builder by default.\n    - Plugins: Remove plugin list panel.\n    - Install wrapper scripts under /usr/sbin\n    - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink \n      for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin)\n    - Chore: Upgrade typescript to 4.6.4.\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2575,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2575,openSUSE-SLE-15.4-2023-2575,openSUSE-SLE-15.5-2023-2575",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2575-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2023:2575-1",
            url: "https://www.suse.com/support/update/announcement/2023/suse-su-20232575-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2023:2575-1",
            url: "https://lists.suse.com/pipermail/sle-updates/2023-June/029953.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1192154",
            url: "https://bugzilla.suse.com/1192154",
         },
         {
            category: "self",
            summary: "SUSE Bug 1192696",
            url: "https://bugzilla.suse.com/1192696",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200480",
            url: "https://bugzilla.suse.com/1200480",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201535",
            url: "https://bugzilla.suse.com/1201535",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201539",
            url: "https://bugzilla.suse.com/1201539",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203185",
            url: "https://bugzilla.suse.com/1203185",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203596",
            url: "https://bugzilla.suse.com/1203596",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203597",
            url: "https://bugzilla.suse.com/1203597",
         },
         {
            category: "self",
            summary: "SUSE Bug 1204501",
            url: "https://bugzilla.suse.com/1204501",
         },
         {
            category: "self",
            summary: "SUSE Bug 1209645",
            url: "https://bugzilla.suse.com/1209645",
         },
         {
            category: "self",
            summary: "SUSE Bug 1210907",
            url: "https://bugzilla.suse.com/1210907",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-7753 page",
            url: "https://www.suse.com/security/cve/CVE-2020-7753/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-3807 page",
            url: "https://www.suse.com/security/cve/CVE-2021-3807/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-3918 page",
            url: "https://www.suse.com/security/cve/CVE-2021-3918/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-43138 page",
            url: "https://www.suse.com/security/cve/CVE-2021-43138/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-0155 page",
            url: "https://www.suse.com/security/cve/CVE-2022-0155/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-27664 page",
            url: "https://www.suse.com/security/cve/CVE-2022-27664/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-31097 page",
            url: "https://www.suse.com/security/cve/CVE-2022-31097/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-31107 page",
            url: "https://www.suse.com/security/cve/CVE-2022-31107/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-32149 page",
            url: "https://www.suse.com/security/cve/CVE-2022-32149/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-35957 page",
            url: "https://www.suse.com/security/cve/CVE-2022-35957/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-36062 page",
            url: "https://www.suse.com/security/cve/CVE-2022-36062/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-1387 page",
            url: "https://www.suse.com/security/cve/CVE-2023-1387/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-1410 page",
            url: "https://www.suse.com/security/cve/CVE-2023-1410/",
         },
      ],
      title: "Security update for SUSE Manager Client Tools",
      tracking: {
         current_release_date: "2023-06-21T11:42:33Z",
         generator: {
            date: "2023-06-21T11:42:33Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2023:2575-1",
         initial_release_date: "2023-06-21T11:42:33Z",
         revision_history: [
            {
               date: "2023-06-21T11:42:33Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "grafana-9.5.1-150200.3.41.3.aarch64",
                        product: {
                           name: "grafana-9.5.1-150200.3.41.3.aarch64",
                           product_id: "grafana-9.5.1-150200.3.41.3.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "grafana-9.5.1-150200.3.41.3.i586",
                        product: {
                           name: "grafana-9.5.1-150200.3.41.3.i586",
                           product_id: "grafana-9.5.1-150200.3.41.3.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "grafana-9.5.1-150200.3.41.3.ppc64le",
                        product: {
                           name: "grafana-9.5.1-150200.3.41.3.ppc64le",
                           product_id: "grafana-9.5.1-150200.3.41.3.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "grafana-9.5.1-150200.3.41.3.s390x",
                        product: {
                           name: "grafana-9.5.1-150200.3.41.3.s390x",
                           product_id: "grafana-9.5.1-150200.3.41.3.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "grafana-9.5.1-150200.3.41.3.x86_64",
                        product: {
                           name: "grafana-9.5.1-150200.3.41.3.x86_64",
                           product_id: "grafana-9.5.1-150200.3.41.3.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
                        product: {
                           name: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
                           product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:packagehub:15:sp4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
                        product: {
                           name: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
                           product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:packagehub:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.4",
                        product: {
                           name: "openSUSE Leap 15.4",
                           product_id: "openSUSE Leap 15.4",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.5",
                        product: {
                           name: "openSUSE Leap 15.5",
                           product_id: "openSUSE Leap 15.5",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.5",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.aarch64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.ppc64le as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.s390x as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.s390x",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.x86_64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.aarch64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.ppc64le as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.s390x as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.s390x",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "grafana-9.5.1-150200.3.41.3.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            },
            product_reference: "grafana-9.5.1-150200.3.41.3.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2020-7753",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-7753",
            },
         ],
         notes: [
            {
               category: "general",
               text: "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-7753",
               url: "https://www.suse.com/security/cve/CVE-2020-7753",
            },
            {
               category: "external",
               summary: "SUSE Bug 1218843 for CVE-2020-7753",
               url: "https://bugzilla.suse.com/1218843",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2020-7753",
      },
      {
         cve: "CVE-2021-3807",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-3807",
            },
         ],
         notes: [
            {
               category: "general",
               text: "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-3807",
               url: "https://www.suse.com/security/cve/CVE-2021-3807",
            },
            {
               category: "external",
               summary: "SUSE Bug 1192154 for CVE-2021-3807",
               url: "https://bugzilla.suse.com/1192154",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2021-3807",
      },
      {
         cve: "CVE-2021-3918",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-3918",
            },
         ],
         notes: [
            {
               category: "general",
               text: "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-3918",
               url: "https://www.suse.com/security/cve/CVE-2021-3918",
            },
            {
               category: "external",
               summary: "SUSE Bug 1192696 for CVE-2021-3918",
               url: "https://bugzilla.suse.com/1192696",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2021-3918",
      },
      {
         cve: "CVE-2021-43138",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-43138",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-43138",
               url: "https://www.suse.com/security/cve/CVE-2021-43138",
            },
            {
               category: "external",
               summary: "SUSE Bug 1200480 for CVE-2021-43138",
               url: "https://bugzilla.suse.com/1200480",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2021-43138",
      },
      {
         cve: "CVE-2022-0155",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-0155",
            },
         ],
         notes: [
            {
               category: "general",
               text: "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-0155",
               url: "https://www.suse.com/security/cve/CVE-2022-0155",
            },
            {
               category: "external",
               summary: "SUSE Bug 1218844 for CVE-2022-0155",
               url: "https://bugzilla.suse.com/1218844",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "moderate",
            },
         ],
         title: "CVE-2022-0155",
      },
      {
         cve: "CVE-2022-27664",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-27664",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-27664",
               url: "https://www.suse.com/security/cve/CVE-2022-27664",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203185 for CVE-2022-27664",
               url: "https://bugzilla.suse.com/1203185",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203293 for CVE-2022-27664",
               url: "https://bugzilla.suse.com/1203293",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2022-27664",
      },
      {
         cve: "CVE-2022-31097",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-31097",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-31097",
               url: "https://www.suse.com/security/cve/CVE-2022-31097",
            },
            {
               category: "external",
               summary: "SUSE Bug 1201535 for CVE-2022-31097",
               url: "https://bugzilla.suse.com/1201535",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2022-31097",
      },
      {
         cve: "CVE-2022-31107",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-31107",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-31107",
               url: "https://www.suse.com/security/cve/CVE-2022-31107",
            },
            {
               category: "external",
               summary: "SUSE Bug 1201539 for CVE-2022-31107",
               url: "https://bugzilla.suse.com/1201539",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2022-31107",
      },
      {
         cve: "CVE-2022-32149",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-32149",
            },
         ],
         notes: [
            {
               category: "general",
               text: "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-32149",
               url: "https://www.suse.com/security/cve/CVE-2022-32149",
            },
            {
               category: "external",
               summary: "SUSE Bug 1204501 for CVE-2022-32149",
               url: "https://bugzilla.suse.com/1204501",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "important",
            },
         ],
         title: "CVE-2022-32149",
      },
      {
         cve: "CVE-2022-35957",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-35957",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-35957",
               url: "https://www.suse.com/security/cve/CVE-2022-35957",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203597 for CVE-2022-35957",
               url: "https://bugzilla.suse.com/1203597",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "moderate",
            },
         ],
         title: "CVE-2022-35957",
      },
      {
         cve: "CVE-2022-36062",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-36062",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-36062",
               url: "https://www.suse.com/security/cve/CVE-2022-36062",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203596 for CVE-2022-36062",
               url: "https://bugzilla.suse.com/1203596",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "moderate",
            },
         ],
         title: "CVE-2022-36062",
      },
      {
         cve: "CVE-2023-1387",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-1387",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-1387",
               url: "https://www.suse.com/security/cve/CVE-2023-1387",
            },
            {
               category: "external",
               summary: "SUSE Bug 1210907 for CVE-2023-1387",
               url: "https://bugzilla.suse.com/1210907",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 4.2,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-1387",
      },
      {
         cve: "CVE-2023-1410",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-1410",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Grafana is an open-source platform for monitoring and observability.  \n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.  \n\n  Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. \n\n\n\n\n\n\n\n\n\n\n",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
               "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
               "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-1410",
               url: "https://www.suse.com/security/cve/CVE-2023-1410",
            },
            {
               category: "external",
               summary: "SUSE Bug 1209645 for CVE-2023-1410",
               url: "https://bugzilla.suse.com/1209645",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.s390x",
                  "SUSE Linux Enterprise Module for Package Hub 15 SP5:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.4:grafana-9.5.1-150200.3.41.3.x86_64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.aarch64",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.ppc64le",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.s390x",
                  "openSUSE Leap 15.5:grafana-9.5.1-150200.3.41.3.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-21T11:42:33Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-1410",
      },
   ],
}



Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.