Oval Definition:	oval:org.opensuse.security:def:202143798
Revision Date: 2022-09-02 Version: 1 Title: CVE-2021-43798 Description: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-43798 SUSE CVE-2021-43798 SUSE-SU-2022:0751-1 SUSE-SU-2022:1396-1 SUSE-CU-2022:878-1 SUSE-SU-2022:2134-1 Platform(s): openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Manager Server 4.2 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND grafana-8.3.4-1.1 is installed Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND grafana is not affected Definition Synopsis Release Information SUSE OpenStack Cloud 9 is installed OR SUSE OpenStack Cloud Crowbar 9 is installed AND grafana is not affected Definition Synopsis SUSE Enterprise Storage 6 is installed AND grafana is not affected Definition Synopsis Release Information SUSE Linux Enterprise Module for SUSE Manager Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND prometheus-postgres_exporter-0.10.0-150000.1.3.1 is installed Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information grafana-8.3.5-150200.3.21.1 is installed AND grafana is signed with openSUSE key Definition Synopsis openSUSE Leap 15.3 is installed AND Package Information grafana-8.3.5-150200.3.21.1 is installed AND grafana is signed with openSUSE key OR prometheus-postgres_exporter-0.10.0-150000.1.3.1 is installed AND prometheus-postgres_exporter is signed with openSUSE key OR python3-rhnlib-4.2.6-150000.3.34.1 is installed AND python3-rhnlib is signed with openSUSE key OR spacecmd-4.2.16-150000.3.77.1 is installed AND spacecmd is signed with openSUSE key Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND golang-github-prometheus-node_exporter-1.3.0-1.15.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND golang-github-prometheus-node_exporter-1.3.0-1.15.3 is installed OR Package Information SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND golang-github-prometheus-node_exporter-1.3.0-1.15.3 is installed OR Package Information SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND golang-github-prometheus-node_exporter-1.3.0-1.15.3 is installed
BACK