Oval Definition:	oval:org.opensuse.security:def:202235957
Revision Date: 2023-06-22 Version: 1 Title: CVE-2022-35957 Description: Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2022-35957 SUSE CVE-2022-35957 SUSE-CU-2023:498-1 SUSE-SU-2022:3676-1 SUSE-SU-2022:4428-1 SUSE-SU-2022:4437-1 SUSE-SU-2022:4439-1 SUSE-SU-2023:2575-1 SUSE-SU-2023:2578-1 SUSE-SU-2023:2579-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Package Hub 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND grafana-9.5.1-150200.3.41.3 is installed
BACK