OVAL Reference oval:org.opensuse.security:def:96853

Oval Definition:

oval:org.opensuse.security:def:96853

Revision Date:	2021-04-15	Version:	1
Title:	Security update for grafana and system-user-grafana (Moderate)
Description:	This update for grafana and system-user-grafana fixes the following issues: - Updated grafana to upstream version 7.3.1 * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana * CVE-2020-12245: Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip (bsc#1170557) * CVE-2020-13379: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault (bsc#1172409) * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana (bsc#1148383) * CVE-2020-12052: Grafana version below 6.7.3 is vulnerable for annotation popup XSS (bsc#1170657) * CVE-2020-24303: Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. (bsc#1178243) * CVE-2018-18623: Grafana 5.3.1 has XSS via the 'Dashboard > Text Panel' screen (bsc#1172450) * CVE-2019-19499: Grafana versions below or equal to 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations (bsc#1175951) * Please refer to this package's changelog to get a full list of all changes (including bug fixes etc.) - Initial shipment of system-user-grafana to SES 6
Family:	unix	Class:	patch
Status:		Reference(s):	1148383 1170557 1170657 1172409 1172450 1175951 1178243 CVE-2018-18623 CVE-2019-15043 CVE-2019-19499 CVE-2020-12052 CVE-2020-12245 CVE-2020-13379 CVE-2020-24303 SUSE-SU-2021:1233-1
Platform(s):	openSUSE Leap 15.3 SLE Imports	Product(s):
Definition Synopsis
openSUSE Leap 15.3 SLE Imports is installed AND system-user-grafana-1.0.0-3.9.1 is installed

BACK