Oval Definition:oval:org.opensuse.security:def:202231097
Revision Date:2023-06-22
Version:1
Title:CVE-2022-31097
Description:

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branches prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via Grafana's Unified Alerting feature. An attacker can exploit this vulnerability to escalate privileges from editor to admin by tricking an authenticated admin into clicking a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2022-31097
SUSE CVE-2022-31097
SUSE-CU-2022:2809-1
SUSE-CU-2023:498-1
SUSE-SU-2022:3676-1
SUSE-SU-2022:3747-1
SUSE-SU-2022:3751-1
SUSE-SU-2022:3765-1
SUSE-SU-2022:4428-1
SUSE-SU-2022:4437-1
SUSE-SU-2022:4439-1
SUSE-SU-2023:2575-1
SUSE-SU-2023:2578-1
SUSE-SU-2023:2579-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Package Hub 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Package Hub 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND grafana-9.5.1-150200.3.41.3 is installed