Oval Definition:oval:org.opensuse.security:def:201915635
Revision Date:2022-05-22Version:1
Title:CVE-2019-15635
Description:

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2019-15635
SUSE CVE-2019-15635
Platform(s):SUSE Enterprise Storage 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND grafana is not affected
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND grafana is not affected
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND grafana is not affected
    • Definition Synopsis
  • SUSE Enterprise Storage 6 is installed
  • AND grafana is not affected
    • BACK