Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-15727 (GCVE-0-2018-15727)
Vulnerability from cvelistv5 – Published: 2018-08-29 15:00 – Updated: 2024-08-05 10:01
VLAI?
EPSS
Summary
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105184 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2019:0019 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3829 | vendor-advisoryx_refsource_REDHAT |
| https://grafana.com/blog/2018/08/29/grafana-5.2.3… | x_refsource_CONFIRM |
Date Public ?
2018-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2019:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name": "RHSA-2018:3829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-04T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2019:0019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name": "RHSA-2018:3829",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2019:0019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name": "RHSA-2018:3829",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"name": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"refsource": "CONFIRM",
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15727",
"datePublished": "2018-08-29T15:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:01:54.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-15727",
"date": "2026-05-20",
"epss": "0.79555",
"percentile": "0.99103"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.1.2\", \"matchCriteriaId\": \"9C71899D-7F83-4225-9909-A92946D40993\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.1.1\", \"matchCriteriaId\": \"77EFAAB9-3793-4EB2-93CD-A176BE99114F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndExcluding\": \"4.6.4\", \"matchCriteriaId\": \"0B6D532B-B26E-40A0-BB6B-F4212C81C486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.2.3\", \"matchCriteriaId\": \"94C5564A-BC37-4906-AF7B-4DB4E335C6DB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"516F4E8E-ED2F-4282-9DAB-D8B378F61258\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \\\"remember me\\\" cookie knowing only a username of an LDAP or OAuth user.\"}, {\"lang\": \"es\", \"value\": \"Grafana en versiones 2.x, 3.x y 4.x anteriores a la 4.6.4 y versiones 5.x anteriores a la 5.2.3 permite la omisi\\u00f3n de autenticaci\\u00f3n debido a que un atacante puede generar una cookie \\\"remember me\\\" v\\u00e1lida conociendo solo el nombre de usuario de un usuario LDAP u OAuth.\"}]",
"id": "CVE-2018-15727",
"lastModified": "2024-11-21T03:51:20.950",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-08-29T15:29:00.240",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/105184\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3829\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0019\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-15727\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-08-29T15:29:00.240\",\"lastModified\":\"2024-11-21T03:51:20.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \\\"remember me\\\" cookie knowing only a username of an LDAP or OAuth user.\"},{\"lang\":\"es\",\"value\":\"Grafana en versiones 2.x, 3.x y 4.x anteriores a la 4.6.4 y versiones 5.x anteriores a la 5.2.3 permite la omisi\u00f3n de autenticaci\u00f3n debido a que un atacante puede generar una cookie \\\"remember me\\\" v\u00e1lida conociendo solo el nombre de usuario de un usuario LDAP u OAuth.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.1.2\",\"matchCriteriaId\":\"9C71899D-7F83-4225-9909-A92946D40993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.1.1\",\"matchCriteriaId\":\"77EFAAB9-3793-4EB2-93CD-A176BE99114F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.6.4\",\"matchCriteriaId\":\"0B6D532B-B26E-40A0-BB6B-F4212C81C486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.2.3\",\"matchCriteriaId\":\"94C5564A-BC37-4906-AF7B-4DB4E335C6DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"516F4E8E-ED2F-4282-9DAB-D8B378F61258\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105184\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3829\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0019\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
BDU:2020-01361
Vulnerability from fstec - Published: 28.08.2019
VLAI Severity ?
Title
Уязвимость веб-инструмента представления данных Grafana, связанная с ошибками аутентификации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защиищаемой информации
Description
Уязвимость веб-инструмента представления данных Grafana связана с ошибками аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность, целостность и доступность защиищаемой информации
Severity ?
Vendor
Novell Inc., Grafana Labs
Software Name
SUSE Enterprise Storage, SUSE OpenStack Cloud, SUSE OpenStack Cloud Crowbar, HPE Helion Openstack, Grafana
Software Version
4 (SUSE Enterprise Storage), 7 (SUSE OpenStack Cloud), 8 (SUSE OpenStack Cloud), 8 (SUSE OpenStack Cloud Crowbar), 8 (HPE Helion Openstack), от 2.0.0 до 2.1.2 включительно (Grafana), от 3.0.0 до 3.1.1 включительно (Grafana), от 4.0.0 до 4.6.4 включительно (Grafana), от 5.0.0 до 5.2.3 включительно (Grafana)
Possible Mitigations
Использование рекомендаций:
Для Grafana:
https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2018-15727/
Reference
https://www.suse.com/security/cve/CVE-2018-15727/
https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
CWE
CWE-287
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Grafana Labs",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "4 (SUSE Enterprise Storage), 7 (SUSE OpenStack Cloud), 8 (SUSE OpenStack Cloud), 8 (SUSE OpenStack Cloud Crowbar), 8 (HPE Helion Openstack), \u043e\u0442 2.0.0 \u0434\u043e 2.1.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grafana), \u043e\u0442 3.0.0 \u0434\u043e 3.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grafana), \u043e\u0442 4.0.0 \u0434\u043e 4.6.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grafana), \u043e\u0442 5.0.0 \u0434\u043e 5.2.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grafana)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Grafana:\nhttps://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-15727/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.08.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.04.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01361",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-15727",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Enterprise Storage, SUSE OpenStack Cloud, SUSE OpenStack Cloud Crowbar, HPE Helion Openstack, Grafana",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445\u00a0Grafana, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445\u00a0Grafana \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2018-15727/\nhttps://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
CNVD-2018-17485
Vulnerability from cnvd - Published: 2018-09-05
VLAI Severity ?
Title
Grafana认证绕过漏洞
Description
Grafana是一个开源的、功能丰富的指标仪表板和支持Graphite、Elasticsearch、OpenTSDB、Prometheus及InfluxDB的图形编辑器。
Grafana存在认证绕过漏洞。该漏洞源于攻击者可仅利用LDAP或Oauth用户名即可生成有效的‘remember me’ cookie。攻击者可利用该漏洞绕过身份验证。
Severity
中
Patch Name
Grafana认证绕过漏洞的补丁
Patch Description
Grafana是一个开源的、功能丰富的指标仪表板和支持Graphite、Elasticsearch、OpenTSDB、Prometheus及InfluxDB的图形编辑器。
Grafana存在认证绕过漏洞。该漏洞源于攻击者可仅利用LDAP或Oauth用户名即可生成有效的‘remember me’ cookie。攻击者可利用该漏洞绕过身份验证。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-15727
Impacted products
| Name | ['Grafana Grafana 2.*', 'Grafana Grafana 3.*', 'Grafana Grafana 4.*,<4.6.4', 'Grafana Grafana 5.*,<5.2.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-15727"
}
},
"description": "Grafana\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u529f\u80fd\u4e30\u5bcc\u7684\u6307\u6807\u4eea\u8868\u677f\u548c\u652f\u6301Graphite\u3001Elasticsearch\u3001OpenTSDB\u3001Prometheus\u53caInfluxDB\u7684\u56fe\u5f62\u7f16\u8f91\u5668\u3002\r\n\r\nGrafana\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u653b\u51fb\u8005\u53ef\u4ec5\u5229\u7528LDAP\u6216Oauth\u7528\u6237\u540d\u5373\u53ef\u751f\u6210\u6709\u6548\u7684\u2018remember me\u2019 cookie\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002",
"discovererName": "unknown",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-17485",
"openTime": "2018-09-05",
"patchDescription": "Grafana\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u529f\u80fd\u4e30\u5bcc\u7684\u6307\u6807\u4eea\u8868\u677f\u548c\u652f\u6301Graphite\u3001Elasticsearch\u3001OpenTSDB\u3001Prometheus\u53caInfluxDB\u7684\u56fe\u5f62\u7f16\u8f91\u5668\u3002\r\n\r\nGrafana\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u653b\u51fb\u8005\u53ef\u4ec5\u5229\u7528LDAP\u6216Oauth\u7528\u6237\u540d\u5373\u53ef\u751f\u6210\u6709\u6548\u7684\u2018remember me\u2019 cookie\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Grafana\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Grafana Grafana 2.*",
"Grafana Grafana 3.*",
"Grafana Grafana 4.*\uff0c\u003c4.6.4",
"Grafana Grafana 5.*\uff0c\u003c5.2.3"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"serverity": "\u4e2d",
"submitTime": "2018-08-30",
"title": "Grafana\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2018-15727
Vulnerability from fkie_nvd - Published: 2018-08-29 15:29 - Updated: 2024-11-21 03:51
Severity ?
Summary
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105184 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3829 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0019 | Third Party Advisory | |
| cve@mitre.org | https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105184 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3829 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0019 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C71899D-7F83-4225-9909-A92946D40993",
"versionEndIncluding": "2.1.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77EFAAB9-3793-4EB2-93CD-A176BE99114F",
"versionEndIncluding": "3.1.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B6D532B-B26E-40A0-BB6B-F4212C81C486",
"versionEndExcluding": "4.6.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94C5564A-BC37-4906-AF7B-4DB4E335C6DB",
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
},
{
"lang": "es",
"value": "Grafana en versiones 2.x, 3.x y 4.x anteriores a la 4.6.4 y versiones 5.x anteriores a la 5.2.3 permite la omisi\u00f3n de autenticaci\u00f3n debido a que un atacante puede generar una cookie \"remember me\" v\u00e1lida conociendo solo el nombre de usuario de un usuario LDAP u OAuth."
}
],
"id": "CVE-2018-15727",
"lastModified": "2024-11-21T03:51:20.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-29T15:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105184"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RGJG-66CX-5X9M
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2023-10-02 12:01
VLAI?
Summary
Grafana Authentication Bypass
Details
Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Specific Go Packages Affected
github.com/grafana/grafana/pkg/api
Severity ?
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/grafana/grafana"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-15727"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T21:09:16Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.\n\n### Specific Go Packages Affected\ngithub.com/grafana/grafana/pkg/api",
"id": "GHSA-rgjg-66cx-5x9m",
"modified": "2023-10-02T12:01:50Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727"
},
{
"type": "WEB",
"url": "https://github.com/grafana/grafana/commit/7baecf0d0deae0d865e45cf03e082bc0db3f28c3"
},
{
"type": "WEB",
"url": "https://github.com/grafana/grafana/commit/df83bf10a225811927644bdf6265fa80bdea9137"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"type": "WEB",
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix"
},
{
"type": "WEB",
"url": "https://www.securityfocus.com/bid/105184"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Grafana Authentication Bypass"
}
GSD-2018-15727
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-15727",
"description": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"id": "GSD-2018-15727",
"references": [
"https://www.suse.com/security/cve/CVE-2018-15727.html",
"https://access.redhat.com/errata/RHSA-2019:0019",
"https://access.redhat.com/errata/RHSA-2018:3829"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-15727"
],
"details": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"id": "GSD-2018-15727",
"modified": "2023-12-13T01:22:23.459008Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2019:0019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name": "RHSA-2018:3829",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"name": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"refsource": "CONFIRM",
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.6.4||\u003e=5.0.0 \u003c5.2.3",
"affected_versions": "All versions before 4.6.4, all versions starting from 5.0.0 before 5.2.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-287",
"CWE-937"
],
"date": "2022-04-12",
"description": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"fixed_versions": [
"4.6.4",
"5.2.3"
],
"identifier": "CVE-2018-15727",
"identifiers": [
"GHSA-rgjg-66cx-5x9m",
"CVE-2018-15727"
],
"not_impacted": "All versions starting from 4.6.4 before 5.0.0, all versions starting from 5.2.3",
"package_slug": "go/github.com/grafana/grafana/pkg/api",
"pubdate": "2022-02-15",
"solution": "Upgrade to versions 4.6.4, 5.2.3 or above.",
"title": "Improper Authentication",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"https://github.com/grafana/grafana/commit/7baecf0d0deae0d865e45cf03e082bc0db3f28c3",
"https://github.com/grafana/grafana/commit/df83bf10a225811927644bdf6265fa80bdea9137",
"https://access.redhat.com/errata/RHSA-2018:3829",
"https://access.redhat.com/errata/RHSA-2019:0019",
"https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"https://www.securityfocus.com/bid/105184",
"https://github.com/advisories/GHSA-rgjg-66cx-5x9m"
],
"uuid": "224edfa0-353d-4ca6-b41c-5d168eee4bb4"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15727"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
},
{
"name": "105184",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2018:3829",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"name": "RHSA-2019:0019",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-03-05T17:26Z",
"publishedDate": "2018-08-29T15:29Z"
}
}
}
RHSA-2018:3829
Vulnerability from csaf_redhat - Published: 2018-12-17 18:41 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: RHGS WA security and bug fix update
Severity
Moderate
Notes
Topic: Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
5.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3829",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1599291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599291"
},
{
"category": "external",
"summary": "1610668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610668"
},
{
"category": "external",
"summary": "1611991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611991"
},
{
"category": "external",
"summary": "1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "1627651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627651"
},
{
"category": "external",
"summary": "1627988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627988"
},
{
"category": "external",
"summary": "1629520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629520"
},
{
"category": "external",
"summary": "1630344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630344"
},
{
"category": "external",
"summary": "1641413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641413"
},
{
"category": "external",
"summary": "1642574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642574"
},
{
"category": "external",
"summary": "1650557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1650557"
},
{
"category": "external",
"summary": "1656057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656057"
},
{
"category": "external",
"summary": "1656064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656064"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3829.json"
}
],
"title": "Red Hat Security Advisory: RHGS WA security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:07:12+00:00",
"generator": {
"date": "2025-11-21T18:07:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:3829",
"initial_release_date": "2018-12-17T18:41:38+00:00",
"revision_history": [
{
"date": "2018-12-17T18:41:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-17T18:41:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:na:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product_id": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-13.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "grafana-0:4.6.4-1.el7rhgs.src",
"product": {
"name": "grafana-0:4.6.4-1.el7rhgs.src",
"product_id": "grafana-0:4.6.4-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@4.6.4-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product_id": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-8.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product_id": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-14.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product_id": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-16.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product_id": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-13.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product_id": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-8.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product": {
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product_id": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api-httpd@1.6.3-8.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product_id": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-14.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product": {
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product_id": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-grafana-plugins@1.6.3-16.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product_id": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-16.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product": {
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product_id": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@4.6.4-1.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:4.6.4-1.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src"
},
"product_reference": "grafana-0:4.6.4-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64"
},
"product_reference": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch"
},
"product_reference": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src"
},
"product_reference": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch"
},
"product_reference": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch"
},
"product_reference": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch"
},
"product_reference": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
},
"product_reference": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15727",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1624088"
}
],
"notes": [
{
"category": "description",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15727"
},
{
"category": "external",
"summary": "RHBZ#1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15727",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727"
}
],
"release_date": "2018-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-17T18:41:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"category": "workaround",
"details": "As per upstream (https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix)\n\n* Switch to authentication mechanism other than LDAP or OAuth\n* Grafana should be isolated from public networks",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user"
}
]
}
RHSA-2018_3829
Vulnerability from csaf_redhat - Published: 2018-12-17 18:41 - Updated: 2024-11-15 00:37Summary
Red Hat Security Advisory: RHGS WA security and bug fix update
Severity
Moderate
Notes
Topic: Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
5.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3829",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1599291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599291"
},
{
"category": "external",
"summary": "1610668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610668"
},
{
"category": "external",
"summary": "1611991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611991"
},
{
"category": "external",
"summary": "1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "1627651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627651"
},
{
"category": "external",
"summary": "1627988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627988"
},
{
"category": "external",
"summary": "1629520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629520"
},
{
"category": "external",
"summary": "1630344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630344"
},
{
"category": "external",
"summary": "1641413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641413"
},
{
"category": "external",
"summary": "1642574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642574"
},
{
"category": "external",
"summary": "1650557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1650557"
},
{
"category": "external",
"summary": "1656057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656057"
},
{
"category": "external",
"summary": "1656064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656064"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3829.json"
}
],
"title": "Red Hat Security Advisory: RHGS WA security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T00:37:57+00:00",
"generator": {
"date": "2024-11-15T00:37:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:3829",
"initial_release_date": "2018-12-17T18:41:38+00:00",
"revision_history": [
{
"date": "2018-12-17T18:41:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-12-17T18:41:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:37:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:na:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product_id": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-13.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "grafana-0:4.6.4-1.el7rhgs.src",
"product": {
"name": "grafana-0:4.6.4-1.el7rhgs.src",
"product_id": "grafana-0:4.6.4-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@4.6.4-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product_id": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-8.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product_id": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-14.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product_id": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-16.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product_id": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-13.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product_id": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-8.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product": {
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product_id": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api-httpd@1.6.3-8.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product_id": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-14.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product": {
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product_id": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-grafana-plugins@1.6.3-16.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product_id": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-16.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product": {
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product_id": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@4.6.4-1.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:4.6.4-1.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src"
},
"product_reference": "grafana-0:4.6.4-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:4.6.4-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64"
},
"product_reference": "grafana-0:4.6.4-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch"
},
"product_reference": "tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-8.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src"
},
"product_reference": "tendrl-api-0:1.6.3-8.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch"
},
"product_reference": "tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch"
},
"product_reference": "tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch"
},
"product_reference": "tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-14.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
},
"product_reference": "tendrl-ui-0:1.6.3-14.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15727",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1624088"
}
],
"notes": [
{
"category": "description",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15727"
},
{
"category": "external",
"summary": "RHBZ#1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15727",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727"
}
],
"release_date": "2018-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-12-17T18:41:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"category": "workaround",
"details": "As per upstream (https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix)\n\n* Switch to authentication mechanism other than LDAP or OAuth\n* Grafana should be isolated from public networks",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-13.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:grafana-0:4.6.4-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-8.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-8.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-16.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-14.el7rhgs.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user"
}
]
}
RHSA-2019:0019
Vulnerability from csaf_redhat - Published: 2019-01-03 17:45 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: grafana security and bug fix update
Severity
Moderate
Notes
Topic: The updated grafana package is now available for Red Hat Ceph Storage 3.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The grafana package provides the Grafana metrics dashboard and graph editor.
Security Fix(es):
* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The grafana package has been upgraded to upstream version 5.2.4., which includes a number of bug fixes (BZ#1647494)
* Shrinking the cluster size no longer causes the Red Hat Ceph Storage Dashboard to display the error message Templating init failed (BZ#1653273)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
5.5 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the "Dashboard > Text Panel" screen.
6.1 (Medium)
Affected products
Threats
Impact
Moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The updated grafana package is now available for Red Hat Ceph Storage 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grafana package provides the Grafana metrics dashboard and graph editor.\n\nSecurity Fix(es):\n\n* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The grafana package has been upgraded to upstream version 5.2.4., which includes a number of bug fixes (BZ#1647494)\n\n* Shrinking the cluster size no longer causes the Red Hat Ceph Storage Dashboard to display the error message Templating init failed (BZ#1653273)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0019",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "1633825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633825"
},
{
"category": "external",
"summary": "1647494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647494"
},
{
"category": "external",
"summary": "1647496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647496"
},
{
"category": "external",
"summary": "1652427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652427"
},
{
"category": "external",
"summary": "1653273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0019.json"
}
],
"title": "Red Hat Security Advisory: grafana security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:07:16+00:00",
"generator": {
"date": "2025-11-21T18:07:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:0019",
"initial_release_date": "2019-01-03T17:45:23+00:00",
"revision_history": [
{
"date": "2019-01-03T17:45:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-03T17:45:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 3.2 Tools",
"product": {
"name": "Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-1.el7cp.x86_64",
"product": {
"name": "grafana-0:5.2.4-1.el7cp.x86_64",
"product_id": "grafana-0:5.2.4-1.el7cp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-1.el7cp?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-1.el7cp.src",
"product": {
"name": "grafana-0:5.2.4-1.el7cp.src",
"product_id": "grafana-0:5.2.4-1.el7cp.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-1.el7cp?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-1.el7cp.src as a component of Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src"
},
"product_reference": "grafana-0:5.2.4-1.el7cp.src",
"relates_to_product_reference": "7Server-RHEL-7-RHCEPH-3.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-1.el7cp.x86_64 as a component of Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
},
"product_reference": "grafana-0:5.2.4-1.el7cp.x86_64",
"relates_to_product_reference": "7Server-RHEL-7-RHCEPH-3.2-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15727",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1624088"
}
],
"notes": [
{
"category": "description",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15727"
},
{
"category": "external",
"summary": "RHBZ#1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15727",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727"
}
],
"release_date": "2018-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-03T17:45:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"category": "workaround",
"details": "As per upstream (https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix)\n\n* Switch to authentication mechanism other than LDAP or OAuth\n* Grafana should be isolated from public networks",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user"
},
{
"cve": "CVE-2018-18623",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850568"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the \"Dashboard \u003e Text Panel\" screen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability via the \"Dashboard \u003e Text Panel\" screen",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift 3.11 grafana-container packages a vulnerable version of grafana, the dashboard is set to read-only meaning that the vulnerable component cannot be added or modified to contain the potential XSS. As the OpenShift version still packages vulnerable code, the impact is set Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18623"
},
{
"category": "external",
"summary": "RHBZ#1850568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850568"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18623",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18623"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18623",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18623"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20200608-0008/",
"url": "https://security.netapp.com/advisory/ntap-20200608-0008/"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-03T17:45:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: XSS vulnerability via the \"Dashboard \u003e Text Panel\" screen"
}
]
}
RHSA-2019_0019
Vulnerability from csaf_redhat - Published: 2019-01-03 17:45 - Updated: 2024-11-15 00:38Summary
Red Hat Security Advisory: grafana security and bug fix update
Severity
Moderate
Notes
Topic: The updated grafana package is now available for Red Hat Ceph Storage 3.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The grafana package provides the Grafana metrics dashboard and graph editor.
Security Fix(es):
* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The grafana package has been upgraded to upstream version 5.2.4., which includes a number of bug fixes (BZ#1647494)
* Shrinking the cluster size no longer causes the Red Hat Ceph Storage Dashboard to display the error message Templating init failed (BZ#1653273)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
5.5 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the "Dashboard > Text Panel" screen.
6.1 (Medium)
Affected products
Threats
Impact
Moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The updated grafana package is now available for Red Hat Ceph Storage 3.2.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grafana package provides the Grafana metrics dashboard and graph editor.\n\nSecurity Fix(es):\n\n* grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The grafana package has been upgraded to upstream version 5.2.4., which includes a number of bug fixes (BZ#1647494)\n\n* Shrinking the cluster size no longer causes the Red Hat Ceph Storage Dashboard to display the error message Templating init failed (BZ#1653273)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0019",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "1633825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633825"
},
{
"category": "external",
"summary": "1647494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647494"
},
{
"category": "external",
"summary": "1647496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647496"
},
{
"category": "external",
"summary": "1652427",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652427"
},
{
"category": "external",
"summary": "1653273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0019.json"
}
],
"title": "Red Hat Security Advisory: grafana security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T00:38:31+00:00",
"generator": {
"date": "2024-11-15T00:38:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:0019",
"initial_release_date": "2019-01-03T17:45:23+00:00",
"revision_history": [
{
"date": "2019-01-03T17:45:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-01-03T17:45:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:38:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 3.2 Tools",
"product": {
"name": "Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-1.el7cp.x86_64",
"product": {
"name": "grafana-0:5.2.4-1.el7cp.x86_64",
"product_id": "grafana-0:5.2.4-1.el7cp.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-1.el7cp?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-1.el7cp.src",
"product": {
"name": "grafana-0:5.2.4-1.el7cp.src",
"product_id": "grafana-0:5.2.4-1.el7cp.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-1.el7cp?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-1.el7cp.src as a component of Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src"
},
"product_reference": "grafana-0:5.2.4-1.el7cp.src",
"relates_to_product_reference": "7Server-RHEL-7-RHCEPH-3.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-1.el7cp.x86_64 as a component of Red Hat Ceph Storage 3.2 Tools",
"product_id": "7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
},
"product_reference": "grafana-0:5.2.4-1.el7cp.x86_64",
"relates_to_product_reference": "7Server-RHEL-7-RHCEPH-3.2-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15727",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2018-08-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1624088"
}
],
"notes": [
{
"category": "description",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-15727"
},
{
"category": "external",
"summary": "RHBZ#1624088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-15727",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15727"
}
],
"release_date": "2018-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-03T17:45:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"category": "workaround",
"details": "As per upstream (https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix)\n\n* Switch to authentication mechanism other than LDAP or OAuth\n* Grafana should be isolated from public networks",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: authentication bypass knowing only a username of an LDAP or OAuth user"
},
{
"cve": "CVE-2018-18623",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850568"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the \"Dashboard \u003e Text Panel\" screen.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability via the \"Dashboard \u003e Text Panel\" screen",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift 3.11 grafana-container packages a vulnerable version of grafana, the dashboard is set to read-only meaning that the vulnerable component cannot be added or modified to contain the potential XSS. As the OpenShift version still packages vulnerable code, the impact is set Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-18623"
},
{
"category": "external",
"summary": "RHBZ#1850568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850568"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-18623",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18623"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18623",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18623"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20200608-0008/",
"url": "https://security.netapp.com/advisory/ntap-20200608-0008/"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-01-03T17:45:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.src",
"7Server-RHEL-7-RHCEPH-3.2-Tools:grafana-0:5.2.4-1.el7cp.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: XSS vulnerability via the \"Dashboard \u003e Text Panel\" screen"
}
]
}
SUSE-SU-2019:2671-1
Vulnerability from csaf_suse - Published: 2019-10-15 12:46 - Updated: 2019-10-15 12:46Summary
Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer
Severity
Moderate
Notes
Title of the patch: Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer
Description of the patch: This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues:
In python-pysaml2 the following security issue was fixed:
- CVE-2016-10127: Fixed an XML external entity attack. (bsc#1019074)
crowbar-core was updated to version 4.0+git.1570463621.40b11cd48:
* network: Don't set datapath-ids on ovs-bridges anymore (bsc#1152916)
* barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011)
* gems: Update easy_diff to 1.0.0 (SOC-10505)
* crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script
* transition.sh: Do not read /etc/crowbar.install.key
* gather_logs: Make it a bit useful again
* gather_logs: Do not read /etc/crowbar.install.key
* network: Allow locking down the network config for nodes (bsc#1120657)
* network: Check existing upper layers before bond setup (bsc#1120657)
* network: never plug two interface into the same ovs bridge (bsc#1120657)
* network: Avoid plugging the same interface to two ovs bridges (bsc#1120657)
* nic library: some helper for identifying base interface (bsc#1120657)
* network: Rework the vlan port replugging code (bsc#1120657)
* network: DRY out 'kill_nic_files' (noref)
* Add CVE-2019-5477 the to travis ignore list (SOC-9635)
crowbar-openstack was updated to version 4.0+git.1569429513.e7016b2b6:
* tempest: don't rely on service catalogue (SOC-10633)
* nova: set default attribute for max_threads_per_process
* database: Hardcode ruby version for package installation (SOC-10010)
* neutron: restore dhcp_domain in stable/4.0 (bsc#1145867)
* nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
grafana was updated to:
- CVE-2019-15043: Adds authentication to a few rest endpoints that could be used to access grafana snapshot apis to cause denial of service (SOC-10357 bsc#1148383)
Also see https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5
grafana was updated to version 4.6.5:
- CVE-2018-19039: Users with Editor or Admin permissions could exfiltrate files (jsc#SOC-9976 bsc#1115960)
grafana was updated version to 4.6.4:
- CVE-2018-15727 / CVE-2018-558213: Fixed an authentication bypass because an attacker can generate a valid 'remember me'cookie knowing only a username of an LDAP or OAuth user (jsc#SOC-9980 bsc#1106515)
Other fixes:
* sql: added code migration type
* release 4.6.3
* fix default alias
* fixes broken alert eval when first condition is using OR
* fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951
* fix: fix for avatar images when gzip is turned on, fixes #5952
* sets version to 4.6.2
* prom: add support for default step param (#9866)
* build: fixed jshint error
* fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871
* heatmap: fix tooltip in 'Time series bucket' mode, #9332 (#9867)
* fix cloudwatch ec2_instance_attribute (#9718)
* colorpicker: fix color string change #9769 (#9780)
* changes version to 4.6.1
* fix: panel view now wraps, no scrolling required, fixes #9746
* plugins: fix for loading external plugins behind auth proxy, fixes #9509
* fix: color picker bug at series overrides page, #9715 (#9738)
* tech: switch to golang 1.9.2
* tech: add missing include
* save as should only delete threshold for panels with alerts
* fix: graphite annotation tooltip included undefined, fixes #9707
* build: updated version to v4.6.0
* plugins: added backward compatible path for rxjs
* ux: updated singlestat default colors
* prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675
* fix: firefox can now create region annotations, fixes #9638
* alerting: only editors can pause rules
* fix: another fix for playlist view state, #9639
* fix: fixed playlist controls and view state, fixes #9639
* prom: adds pre built grafana dashboard
* bump version for publish_testing.sh
* update version to 4.6.0-beta3
* plugins: expose dashboard impression store
* modify $__timeGroup macro so it can be used in select clause (#9527)
* plugins: fixes path issue on Windows
* prometheus: enable gzip for /metrics endpoint
* fix: fixed save to file button in export modal, fixes #9586
* mysql: add usage stats for mysql
* pluginloader: esModule true for systemjs config
* Fix heatmap Y axis rendering (#9580)
* fix vector range
* prometheus: add builtin template variable as range vectors
* fix: fixed prometheus step issue that caused browser crash, fixes #9575
* fix: getting started panel and mark adding data source as done, fixes #9568
* Fixes for annotations API (#9577)
* bump packagecloud script
* build: added imports of rxjs utility functions
* prepare for v4.6.0-beta2 release
* fix template variable expanding
* annotations: quote reserved fields (#9550)
* ux: align alert and btn colors
* fix: fixed color pickers that were broken in minified builds, fixes #9549
* textpanel: fixes #9491
* csv: fix import for saveAs shim
* plugins: expose more util and flot dependencies
* alert_tab: clear test result when testing rules
* (cloudwatch) fix cloudwatch query error over 24h (#9536)
* show error message when cloudwatch datasource can't add
* update packagecloud script for 4.6.0-beta1
* changelog: adds note about closing #9516
* alerting: add count_non_null reducer
* Update rpm.md
* fix: can now remove annotation tags without popover closing
* tech: add backward compatibility for <spectrum-picker> directive (#9510)
* fix: fixed links on new 404 page, fixes #9493
* logging: dont use cli logger in http_server
* oauth: raise error if session state is missing
* oauth: provide more logging for failed oauth requests
* prepare for 4.6.0-beta1 release
* docs: updated whats new article
* docs: initial draft release v46
* graph: fix y-axis decimalTick check. Fixes #9405
* minor docs update
* docs: annotation docs update
* changelog: adds note about closing #7104
* changelog: adds note about closing #9373
* metrics: disable gzip for /metrics endpoint (#9468)
* Annotation docs (#9506)
* Update CHANGELOG.md
* Update PLUGIN_DEV.md
* Update PLUGIN_DEV.md
* Update README.md
* Fixed link issue in CHANGELOG
* Create PLUGIN_DEV.md
* changelog: adds note about closing #9371,#5334,#8812
* ds_edit: placeholder should only be cert header
* fixed minor styling issus (#9497)
* fix: alert api limit param did not work and caused SQL syntax error, fixes #9492
* annotations: add endpoint for writing graphite-like events (#9495)
* Update unsaved_changes_modal.ts
* fix: set lastSeenAt date when creating users to then years in past insteasd of empty date, fixes #9260
* ux: minor ux fix
* Retain old name for TLS client auth
* Return error if datasource TLS CA not parsed
* Datasource settings: Make HTTP all caps
* Datasource HTTP settings: Add TLS skip verify
* Make URL capitalisation consistent in UI
* Alias macron package in app_routes.go
* Verify datasource TLS and split client auth and CA
* Tidy spacing in datasource TLS settings
* Tests: Clarify what InsecureSkipVerify does
* postgres: add missing ngInject decorator
* docs: initial docs for new annotation features, #9483
* Adds note for #9209 to changelog
* Postgres Data Source (#9475)
* tech: expose more to plugins, closes #9456
* Fix NaN handling (#9469)
* snapshots: improve snapshot listing performance, #9314 (#9477)
* mysql: fix interpolation for numbers in temp vars
* Added docs for Kafka alerting
* Fixed failing go tests
* gofmt fixes
* Added tests
* Kafka REST Proxy works with Grafana
* added insrtuctions for oauth2 okta bitbucket (#9471)
* Unified Color picker fixes (#9466)
* Show min interval query option for mixed datasource (#9467)
* gzip: plugin readme content set explicitly
* ignore pattern for vendored libs
* fix: escape metric segment auto complete, fixes #9423
* Corrected a PostgreSQL SELECT statement. (#9460)
* tests: found the unhandled promise issue in the dash import tests
* testing: fixing tests
* annotations: minor change to default/edit annotation color
* Create annotations (#8197)
* OAuth: Rename sslcli
* OAuth: Separate TLS client auth and CA config
* OAuth: Check both TLS client cert and key
* Always verify TLS unless explicitly told otherwise
* fix: threshold's colors in table panels (#9445) (#9453)
* singlestat: fix sizing bug #9337 (#9448)
* Revert 'Fix coloring in singlestat if null value (#9438)' (#9443)
* Fix coloring in singlestat if null value (#9438)
* fix: missing semicolon
* changed jsontree to use jsonexplorer (#9416)
* docs page for authproxy (#9420)
* Update codebox (#9430)
* Series color picker fix (#9442)
* fix type in readme
* removed commented line
* changelog: adds note about closing #9110
* Fixed typo
* Change empty string checks and improve logging
* changelog: adds note about closing #9208
* Fix spelling on 404 page.
* Lint fix
* Update kbn.js
* Add Norwegian Krone denominator for currency
* fixed layout for column options, changed dropdown for date format kept old code
* build: add noUnusedLocals to tsc parameters
* build: install go based on env variable
* changes go version to 1.9.1
* changelog: adds note about closing #9226
* changelog: add note about closing #9429
* changelog: adds note about closing #9399
* Fix formatting issue
* Add milliseconds format in table panel's config
* support for s3 path (#9151)
* Remove apparently unnecessary .flush() calls.
* Fix empty message and toolong attribute names Use default state message if no message is provided by the user Slice attribute name to maximum of 50 chars
* Address review comments.
* changelog: add note about closing #7175
* plugin_loader: expose app_events to plugins
* Add the missing comma
* colorpicker: refactoring the new unififed colorpicker, #9347
* Unified colorpicker (#9347)
* fix missing column headers in excel export (#9413)
* build: remove clean plugin from dev build
* build: fixed broken elastic unit test
* shore: cleanup unused stuff in common.d.ts
* Build URL for close alert request differently
* some restyling (#9409)
* Docs text fixes (#9408)
* Checkbox fixes (#9400)
* fix: ensure panel.datasource is null as default
* plugibs: expose more to plugins
* properly parse & pass upload image bool from config
* break out slack upload into separate function
* tech: minor npm scripts update
* build: fixed build
* refactoring: minor refactoring of PR #8916
* Update script to make it use OpsGenie's REST API
* docs: minor docs fix
* Merge branch 'master' of github.com:grafana/grafana
* build: minor webpack fix
* docs: updated building from source docs
* playlist: play and edit should use same width
* shore: fixed html indentation, #9368
* tech: updated yarn.lock
* shore: minor cleanup
* Webpack (#9391)
* fixing json for CI
* adding support for token-based slack file.upload API call for posting images to slack
* changelog: adds note about closing #8479
* changelog: adds note about closing #8050
* changelog: adds note about closing #9386
* change pdiff to percent_diff for conditions
* panel: rename label on csv export modal
* add diff and pdiff for conditions
* fix, add targetContainsTemplate()
* fix cloudwatch alert bug
* add debug log
* move extend statistics handling code to backend
* fix assume role
* improve cloudwatch tsdb
* refactor cloudwatch code
* remove obsolete code
* move cloudwatch crendential related code
* remove old handler
* fix annotation query
* fix time
* fix dimension convertion
* re-implement annotation query
* fix parameter format
* fix alert feature
* fix parameter format
* refactor cloudwatch to support new tsdb interface
* refactor cloudwatch frontend code
* refactor cloudwatch frontend code
* fix test
* re-implement dimension_values()
* fix error message
* remove performEC2DescribeInstances()
* re-implement ec2_instance_attribute()
* re-implement ebs_volume_ids()
* import the change, https://github.com/grafana/grafana/pull/9268
* fix conflict
* fix test
* remove obsolete GetMetricStatistics()
* fix test
* move test code
* fix conflict
* porting other suggestion
* re-implement get regions
* move the metric find query code
* (cloudwatch) move query parameter to 'parameters'
* parse duration
* remove offset for startTime
* cache creds for keys/credentials auth type
* fix test
* fix invalid query filter
* count up metrics
* (cloudwatch) alerting
* add brazil currency
* tech: upgrade of systemjs to 0.20.x working
* tech: reverted to systemjs
* tech: migrating elasticsearch to typescript
* changelog: add note about using golang 1.9
* change go version to 1.9
* changelog: adds note about closing #9367
* tech: systemjs upgrade
* made a text-panel page, maybe we don't need it
* cleaned up html/sass and added final touches
* Enable dualstack in every net.Dialer, fixes #9364
* jaeger: capitalize tracer name
* jaeger: logging improvement
* tech: systemjs upgrade
* Have include intervalFactor in its calculation, so always equal to the step query parameter.
* alertlist: toggle play/pause button
* updated css and html for recent state changes for alert lists
* Fix export_modal message (#9353)
* s3: minor fix for PR #9223
* internal metrics: add grafana version
* changelog: adds note about closing 5765
* Update latest.json
* typescript: stricter typescript option
* prom_docker: give targets correct job name
* testdata: add bucket scenarios for heatmap
* dev-docker: add grafana as target
* changelog: add note ablout closing #9319
* introduce smtp config option for EHLO identity
* changelog: note about closing #9250
* go fmt
* new page for text, needs more work
* replaced img in graph, created alert list page
* docs: update docs
* Update CHANGELOG.md
* changelog: adds note about closing #5873
* replaced image
* Docs new updates (#9324)
* Update CHANGELOG.md
* Update latest.json
* cleanup: removed unused file
* tech: remove bower and moved remaining bower dependencies to npm
* tech: cleanup and fixed build issue
* tech: upgraded angularjs and moved dependency from bower to npm, closes #9327
* follow go idiom and return error as second param
* tech: updated tsconfig
* docker: adds alertmanager to prometheus fig
* tech: more tslint rules
* another img update
* tech: removing unused variables from typescript files, and making tslint rules more strict
* deleted old shortcuts instruction
* text uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts
* context is reserved for go's context
* make ds a param for Query
* remove batch abstraction
* rename executor into tsdbqueryendpoint
* remove unused structs
* refactor response flow
* tech: removed test component
* ux: minor singlestat update
* singlestat: minor change
* Update CHANGELOG.md
* Singlestat time (#9298)
* tech: progress on react poc
* adds note about closing #9213
* Update _navbar.scss
* replaced images, updating text(not finished)
* fix: close for 'Unsaved Changes' modal, #9284 (#9313)
* Initial graphite tags support (#9239)
* tech: initial react poc
* Make details more clean in PD description
* bug: enable HEAD requests again
* Add `DbClusterIdentifier` to CloudWatch dimensions (#9297)
* templating: fix dependent variable updating (#9306)
* Fix adhoc filters restoration (#9303)
* Explicitly refer to Github 'OAuth' applications
* config bucket and region for s3 uploader
* fixes bug introduced with prom namespaces
* fixing spelling of millesecond -> millisecond
* fixing spelling of millesecond -> millisecond
* Remove duplicate bus.AddHandler() (#9289)
* Update CHANGELOG.md
* use same key as mt
* tag alert queries that return no_data
* updated error page html+css, added ds_store to ignore (#9285)
* public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be 'within' instead of 'equal', so they won't fail on i686 (#9286)
* Fix path to icon (#9276)
* adds note about fix in v4.5.2
* skip NaN values when writing to graphite
* addded mass units, #9265 (#9273)
* Fully fill out nulls in cloudfront data source (#9268)
* make it possible to configure sampler type
* mark >=400 responses as error
* change port for jaeger dev container
* logwrapper for jaeger
* make samplerconfig.param configurable
* adds custom tags from settings
* use route as span name
* add trace headers for outgoing requests
* docker file for running jaeger
* better formating for error trace
* attach context with span to *http.Request
* add traces for datasource reverse proxy requests
* trace failed executions
* use tags instead of logs
* use opentracing ext package when possible
* set example port to zipkin default
* adds codahale to vendor
* makes jaeger tracing configurable
* add trace parameters for outgoing requests
* adds basic traces using open traces
* require dashboard panels to have id
* fix: jsonData should not be allowed to be null, fixes #9258
* packaging: reduce package size
* Update upgrading.md (#9263)
* Added --pluginUrl option to grafana-cli for local network plugin installation
* adds note about closing #1395
* add locale format
* update changelog
* fixes broken tests :boom:
* minor code adjusetments
* pass context to image uploaders
* remove unused deps
* Reduced OAuth scope to read_write
* GCS support via JSON API
* gofmt fixes
* Added GCS support #8370
* move more known datasources from others
* Remove alert thresholds on panel duplicate, issue #9178 (#9257)
* 4.5.1 docs + update version to 5.0.0-pre1
* publish_both.sh update for 4.5.1
* Update CHANGELOG.md
* docs: updated changelog
* packaging: reducing package size be only including public vendor stuff we need
* docs: update download links
* allow ssl renegotiation for datasources
* check args for query
* add test for completer
* fix
* follow token name change
* (prometheus) support label value completion
* (prometheus) support label name completion
* get s3 url via aws-sdk-go, fix #9189
* Prometheus: Rework the interaction between auto interval (computed based on graph resolution), min interval (where specified, per query) and intervalFactor (AKA resolution, where specified, per query). As a bonus, have and reflect the actual interval (not the auto interval), taking into account min interval and Prometheus' 11k data points limit.
* minor fix
* (prometheus) support instant query for table format, use checkbox to switch query type
* (prometheus) instant query support
* Add thumbnail to card
* Add values to the hipchat card
* Reorder editorconfig
* Enable datasources to be able to round off to a UTC day properly
* Include triggering metrics to pagerduty alerts
novnc was updated to fix the following issue:
- Add tightPNG encoding (bsc#1145796)
This encoding is needed to allow noVNC to work with instances that
run on ESX hypervisors. It is not possible to update the Newton package
to noVNC 1.1.0 as that version is not supported with openstack-nova until Rocky.
openstack-keystone was updated to fix:
- A domain_admin should be allowed to list role assignments for the
domain and for all projects of this domain with a domain-scoped token.
(bsc#1118159)
openstack-neutron was updated to fix:
- Add path to not update device lists in large sets. (bsc#1136784)
Since the ssh timeout issue was resolved, start adding back the removed
patches. Backport based on comment #1.
- Revert OVS timeout patch as it also seams to cause CI issues. (SOC-10092)
- Since the CI failures are mostly seen in ha jobs, let us first
try to revert the last added HA related patches. Once we nail
down the issue, we can add one at a time. (SOC-10092)
- Disallow router interface out of subnet IP range (bsc#1108033)
- Fix for dhcp serializing port delete and network rpc calls (bsc#1143475)
- Fixed a function call error with get_reader_session
Fixed an argument issue with respect to Context not having 'bein'
function, we should have passed the session instead of context.
Also fixed another function argument error with respect to
'is_ha_router_port'. (bsc#1133722)
- Divide and conquer local hridge flows beasts (bsc#1133722)
- Choose random value for HA routes vr_id
- Change duplicate OVS bridge datapath ids
- Async notify neutron server for HA states
- Divide and conquer security group beasts
- Change default local ovs connection timeout (bsc#1136784)
- Do not call update device list in large sets (bsc#1136784)
- More accurate agent restart state transfer (bsc#1136784)
- OVS agent: Always send start flag during initial sync (bsc#1136784)
- Keep HA ports info for HA router during entire lifecycle
- Packets getting lost during SNAT with too many connections
- Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860)
- neutron-keepalived-state-change will check VIP before spawning ip monitor (bsc#1131961)
- handle database query correctly
- Fix the update port status issue without getting the ports to BUILD status.(bsc#1131053)
- OVS Raise RuntimeError in_get_dp if id is None
- OVS Survive errors from check ovs status
- Trigger port status DOWN on VIF replug.patch
- Fix dvr ha router gateway port binding to incorrect host
- DVR HA Unbinding a HA router from agent does not clear HA interface
- Don't trigger DVR port update if status the same
- Add retry decorator update_segment_host_mapping (bsc#1127558)
- Do state report after setting start flag on OVS restart
openstack-nova was updated to fix:
Security issue fixed:
- CVE-2016-10127: Fixed XXE in XML Parsing (bsc#1019074)
- Allow to attach more than 26 volumes (bsc#1118900)
openstack-tempest was updated to fix:
- Avoid server check teardown exception breaking tearDown (SOC 10092)
python-urllib3 was updated to fix:
- Add missing dependency on python-six (bsc#1150895)
sleshammer was updated to fix:
- Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay
it was still present in the tarball. (SOC-9288)
rubygem-chef was updated to fix:
- pretty print inspect results and force encode the content (SOC-9954)
- updated to version 1.0.0
- Unmerge Arrays containing Hashes
- Handle duplicate values in arrays correctly
rubygem-easy_diff was updated to version 0.0.6
- Fix merging arrays of hashes
Patchnames: SUSE-2019-2671,SUSE-OpenStack-Cloud-7-2019-2671,SUSE-Storage-4-2019-2671
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9 (Critical)
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.1 (High)
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
73 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues:\n\nIn python-pysaml2 the following security issue was fixed:\n\n- CVE-2016-10127: Fixed an XML external entity attack. (bsc#1019074)\n\ncrowbar-core was updated to version 4.0+git.1570463621.40b11cd48:\n* network: Don\u0027t set datapath-ids on ovs-bridges anymore (bsc#1152916)\n* barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011)\n* gems: Update easy_diff to 1.0.0 (SOC-10505)\n* crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script\n* transition.sh: Do not read /etc/crowbar.install.key\n* gather_logs: Make it a bit useful again\n* gather_logs: Do not read /etc/crowbar.install.key\n* network: Allow locking down the network config for nodes (bsc#1120657)\n* network: Check existing upper layers before bond setup (bsc#1120657)\n* network: never plug two interface into the same ovs bridge (bsc#1120657)\n* network: Avoid plugging the same interface to two ovs bridges (bsc#1120657)\n* nic library: some helper for identifying base interface (bsc#1120657)\n* network: Rework the vlan port replugging code (bsc#1120657)\n* network: DRY out \u0027kill_nic_files\u0027 (noref)\n* Add CVE-2019-5477 the to travis ignore list (SOC-9635)\n\ncrowbar-openstack was updated to version 4.0+git.1569429513.e7016b2b6:\n* tempest: don\u0027t rely on service catalogue (SOC-10633)\n* nova: set default attribute for max_threads_per_process\n* database: Hardcode ruby version for package installation (SOC-10010)\n* neutron: restore dhcp_domain in stable/4.0 (bsc#1145867)\n* nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)\n\ngrafana was updated to:\n\n- CVE-2019-15043: Adds authentication to a few rest endpoints that could be used to access grafana snapshot apis to cause denial of service (SOC-10357 bsc#1148383)\n Also see https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5\n\n\ngrafana was updated to version 4.6.5:\n\n- CVE-2018-19039: Users with Editor or Admin permissions could exfiltrate files (jsc#SOC-9976 bsc#1115960)\n\ngrafana was updated version to 4.6.4:\n\n- CVE-2018-15727 / CVE-2018-558213: Fixed an authentication bypass because an attacker can generate a valid \u0027remember me\u0027cookie knowing only a username of an LDAP or OAuth user (jsc#SOC-9980 bsc#1106515)\n\nOther fixes:\n\n* sql: added code migration type\n* release 4.6.3\n* fix default alias\n* fixes broken alert eval when first condition is using OR\n* fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951\n* fix: fix for avatar images when gzip is turned on, fixes #5952\n* sets version to 4.6.2\n* prom: add support for default step param (#9866)\n* build: fixed jshint error\n* fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871\n* heatmap: fix tooltip in \u0027Time series bucket\u0027 mode, #9332 (#9867)\n* fix cloudwatch ec2_instance_attribute (#9718)\n* colorpicker: fix color string change #9769 (#9780)\n* changes version to 4.6.1\n* fix: panel view now wraps, no scrolling required, fixes #9746\n* plugins: fix for loading external plugins behind auth proxy, fixes #9509\n* fix: color picker bug at series overrides page, #9715 (#9738)\n* tech: switch to golang 1.9.2\n* tech: add missing include\n* save as should only delete threshold for panels with alerts\n* fix: graphite annotation tooltip included undefined, fixes #9707\n* build: updated version to v4.6.0\n* plugins: added backward compatible path for rxjs\n* ux: updated singlestat default colors\n* prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675\n* fix: firefox can now create region annotations, fixes #9638\n* alerting: only editors can pause rules\n* fix: another fix for playlist view state, #9639\n* fix: fixed playlist controls and view state, fixes #9639\n* prom: adds pre built grafana dashboard\n* bump version for publish_testing.sh\n* update version to 4.6.0-beta3\n* plugins: expose dashboard impression store\n* modify $__timeGroup macro so it can be used in select clause (#9527)\n* plugins: fixes path issue on Windows\n* prometheus: enable gzip for /metrics endpoint\n* fix: fixed save to file button in export modal, fixes #9586\n* mysql: add usage stats for mysql\n* pluginloader: esModule true for systemjs config\n* Fix heatmap Y axis rendering (#9580)\n* fix vector range\n* prometheus: add builtin template variable as range vectors\n* fix: fixed prometheus step issue that caused browser crash, fixes #9575\n* fix: getting started panel and mark adding data source as done, fixes #9568\n* Fixes for annotations API (#9577)\n* bump packagecloud script\n* build: added imports of rxjs utility functions\n* prepare for v4.6.0-beta2 release\n* fix template variable expanding\n* annotations: quote reserved fields (#9550)\n* ux: align alert and btn colors\n* fix: fixed color pickers that were broken in minified builds, fixes #9549\n* textpanel: fixes #9491\n* csv: fix import for saveAs shim\n* plugins: expose more util and flot dependencies\n* alert_tab: clear test result when testing rules\n* (cloudwatch) fix cloudwatch query error over 24h (#9536)\n* show error message when cloudwatch datasource can\u0027t add\n* update packagecloud script for 4.6.0-beta1\n* changelog: adds note about closing #9516\n* alerting: add count_non_null reducer\n* Update rpm.md\n* fix: can now remove annotation tags without popover closing\n* tech: add backward compatibility for \u003cspectrum-picker\u003e directive (#9510)\n* fix: fixed links on new 404 page, fixes #9493\n* logging: dont use cli logger in http_server\n* oauth: raise error if session state is missing\n* oauth: provide more logging for failed oauth requests\n* prepare for 4.6.0-beta1 release\n* docs: updated whats new article\n* docs: initial draft release v46\n* graph: fix y-axis decimalTick check. Fixes #9405\n* minor docs update\n* docs: annotation docs update\n* changelog: adds note about closing #7104\n* changelog: adds note about closing #9373\n* metrics: disable gzip for /metrics endpoint (#9468)\n* Annotation docs (#9506)\n* Update CHANGELOG.md\n* Update PLUGIN_DEV.md\n* Update PLUGIN_DEV.md\n* Update README.md\n* Fixed link issue in CHANGELOG\n* Create PLUGIN_DEV.md\n* changelog: adds note about closing #9371,#5334,#8812\n* ds_edit: placeholder should only be cert header\n* fixed minor styling issus (#9497)\n* fix: alert api limit param did not work and caused SQL syntax error, fixes #9492\n* annotations: add endpoint for writing graphite-like events (#9495)\n* Update unsaved_changes_modal.ts\n* fix: set lastSeenAt date when creating users to then years in past insteasd of empty date, fixes #9260\n* ux: minor ux fix\n* Retain old name for TLS client auth\n* Return error if datasource TLS CA not parsed\n* Datasource settings: Make HTTP all caps\n* Datasource HTTP settings: Add TLS skip verify\n* Make URL capitalisation consistent in UI\n* Alias macron package in app_routes.go\n* Verify datasource TLS and split client auth and CA\n* Tidy spacing in datasource TLS settings\n* Tests: Clarify what InsecureSkipVerify does\n* postgres: add missing ngInject decorator\n* docs: initial docs for new annotation features, #9483\n* Adds note for #9209 to changelog\n* Postgres Data Source (#9475)\n* tech: expose more to plugins, closes #9456\n* Fix NaN handling (#9469)\n* snapshots: improve snapshot listing performance, #9314 (#9477)\n* mysql: fix interpolation for numbers in temp vars\n* Added docs for Kafka alerting\n* Fixed failing go tests\n* gofmt fixes\n* Added tests\n* Kafka REST Proxy works with Grafana\n* added insrtuctions for oauth2 okta bitbucket (#9471)\n* Unified Color picker fixes (#9466)\n* Show min interval query option for mixed datasource (#9467)\n* gzip: plugin readme content set explicitly\n* ignore pattern for vendored libs\n* fix: escape metric segment auto complete, fixes #9423\n* Corrected a PostgreSQL SELECT statement. (#9460)\n* tests: found the unhandled promise issue in the dash import tests\n* testing: fixing tests\n* annotations: minor change to default/edit annotation color\n* Create annotations (#8197)\n* OAuth: Rename sslcli\n* OAuth: Separate TLS client auth and CA config\n* OAuth: Check both TLS client cert and key\n* Always verify TLS unless explicitly told otherwise\n* fix: threshold\u0027s colors in table panels (#9445) (#9453)\n* singlestat: fix sizing bug #9337 (#9448)\n* Revert \u0027Fix coloring in singlestat if null value (#9438)\u0027 (#9443)\n* Fix coloring in singlestat if null value (#9438)\n* fix: missing semicolon\n* changed jsontree to use jsonexplorer (#9416)\n* docs page for authproxy (#9420)\n* Update codebox (#9430)\n* Series color picker fix (#9442)\n* fix type in readme\n* removed commented line\n* changelog: adds note about closing #9110\n* Fixed typo\n* Change empty string checks and improve logging\n* changelog: adds note about closing #9208\n* Fix spelling on 404 page.\n* Lint fix\n* Update kbn.js\n* Add Norwegian Krone denominator for currency\n* fixed layout for column options, changed dropdown for date format kept old code\n* build: add noUnusedLocals to tsc parameters\n* build: install go based on env variable\n* changes go version to 1.9.1\n* changelog: adds note about closing #9226\n* changelog: add note about closing #9429\n* changelog: adds note about closing #9399\n* Fix formatting issue\n* Add milliseconds format in table panel\u0027s config\n* support for s3 path (#9151)\n* Remove apparently unnecessary .flush() calls.\n* Fix empty message and toolong attribute names Use default state message if no message is provided by the user Slice attribute name to maximum of 50 chars\n* Address review comments.\n* changelog: add note about closing #7175\n* plugin_loader: expose app_events to plugins\n* Add the missing comma\n* colorpicker: refactoring the new unififed colorpicker, #9347\n* Unified colorpicker (#9347)\n* fix missing column headers in excel export (#9413)\n* build: remove clean plugin from dev build\n* build: fixed broken elastic unit test\n* shore: cleanup unused stuff in common.d.ts\n* Build URL for close alert request differently\n* some restyling (#9409)\n* Docs text fixes (#9408)\n* Checkbox fixes (#9400)\n* fix: ensure panel.datasource is null as default\n* plugibs: expose more to plugins\n* properly parse \u0026 pass upload image bool from config\n* break out slack upload into separate function\n* tech: minor npm scripts update\n* build: fixed build\n* refactoring: minor refactoring of PR #8916\n* Update script to make it use OpsGenie\u0027s REST API\n* docs: minor docs fix\n* Merge branch \u0027master\u0027 of github.com:grafana/grafana\n* build: minor webpack fix\n* docs: updated building from source docs\n* playlist: play and edit should use same width\n* shore: fixed html indentation, #9368\n* tech: updated yarn.lock\n* shore: minor cleanup\n* Webpack (#9391)\n* fixing json for CI\n* adding support for token-based slack file.upload API call for posting images to slack\n* changelog: adds note about closing #8479\n* changelog: adds note about closing #8050\n* changelog: adds note about closing #9386\n* change pdiff to percent_diff for conditions\n* panel: rename label on csv export modal\n* add diff and pdiff for conditions\n* fix, add targetContainsTemplate()\n* fix cloudwatch alert bug\n* add debug log\n* move extend statistics handling code to backend\n* fix assume role\n* improve cloudwatch tsdb\n* refactor cloudwatch code\n* remove obsolete code\n* move cloudwatch crendential related code\n* remove old handler\n* fix annotation query\n* fix time\n* fix dimension convertion\n* re-implement annotation query\n* fix parameter format\n* fix alert feature\n* fix parameter format\n* refactor cloudwatch to support new tsdb interface\n* refactor cloudwatch frontend code\n* refactor cloudwatch frontend code\n* fix test\n* re-implement dimension_values()\n* fix error message\n* remove performEC2DescribeInstances()\n* re-implement ec2_instance_attribute()\n* re-implement ebs_volume_ids()\n* import the change, https://github.com/grafana/grafana/pull/9268\n* fix conflict\n* fix test\n* remove obsolete GetMetricStatistics()\n* fix test\n* move test code\n* fix conflict\n* porting other suggestion\n* re-implement get regions\n* move the metric find query code\n* (cloudwatch) move query parameter to \u0027parameters\u0027\n* parse duration\n* remove offset for startTime\n* cache creds for keys/credentials auth type\n* fix test\n* fix invalid query filter\n* count up metrics\n* (cloudwatch) alerting\n* add brazil currency\n* tech: upgrade of systemjs to 0.20.x working\n* tech: reverted to systemjs\n* tech: migrating elasticsearch to typescript\n* changelog: add note about using golang 1.9\n* change go version to 1.9\n* changelog: adds note about closing #9367\n* tech: systemjs upgrade\n* made a text-panel page, maybe we don\u0027t need it\n* cleaned up html/sass and added final touches\n* Enable dualstack in every net.Dialer, fixes #9364\n* jaeger: capitalize tracer name\n* jaeger: logging improvement\n* tech: systemjs upgrade\n* Have include intervalFactor in its calculation, so always equal to the step query parameter.\n* alertlist: toggle play/pause button\n* updated css and html for recent state changes for alert lists\n* Fix export_modal message (#9353)\n* s3: minor fix for PR #9223\n* internal metrics: add grafana version\n* changelog: adds note about closing 5765\n* Update latest.json\n* typescript: stricter typescript option\n* prom_docker: give targets correct job name\n* testdata: add bucket scenarios for heatmap\n* dev-docker: add grafana as target\n* changelog: add note ablout closing #9319\n* introduce smtp config option for EHLO identity\n* changelog: note about closing #9250\n* go fmt\n* new page for text, needs more work\n* replaced img in graph, created alert list page\n* docs: update docs\n* Update CHANGELOG.md\n* changelog: adds note about closing #5873\n* replaced image\n* Docs new updates (#9324)\n* Update CHANGELOG.md\n* Update latest.json\n* cleanup: removed unused file\n* tech: remove bower and moved remaining bower dependencies to npm\n* tech: cleanup and fixed build issue\n* tech: upgraded angularjs and moved dependency from bower to npm, closes #9327\n* follow go idiom and return error as second param\n* tech: updated tsconfig\n* docker: adds alertmanager to prometheus fig\n* tech: more tslint rules\n* another img update\n* tech: removing unused variables from typescript files, and making tslint rules more strict\n* deleted old shortcuts instruction\n* text uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts\n* context is reserved for go\u0027s context\n* make ds a param for Query\n* remove batch abstraction\n* rename executor into tsdbqueryendpoint\n* remove unused structs\n* refactor response flow\n* tech: removed test component\n* ux: minor singlestat update\n* singlestat: minor change\n* Update CHANGELOG.md\n* Singlestat time (#9298)\n* tech: progress on react poc\n* adds note about closing #9213\n* Update _navbar.scss\n* replaced images, updating text(not finished)\n* fix: close for \u0027Unsaved Changes\u0027 modal, #9284 (#9313)\n* Initial graphite tags support (#9239)\n* tech: initial react poc\n* Make details more clean in PD description\n* bug: enable HEAD requests again\n* Add `DbClusterIdentifier` to CloudWatch dimensions (#9297)\n* templating: fix dependent variable updating (#9306)\n* Fix adhoc filters restoration (#9303)\n* Explicitly refer to Github \u0027OAuth\u0027 applications\n* config bucket and region for s3 uploader\n* fixes bug introduced with prom namespaces\n* fixing spelling of millesecond -\u003e millisecond\n* fixing spelling of millesecond -\u003e millisecond\n* Remove duplicate bus.AddHandler() (#9289)\n* Update CHANGELOG.md\n* use same key as mt\n* tag alert queries that return no_data\n* updated error page html+css, added ds_store to ignore (#9285)\n* public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be \u0027within\u0027 instead of \u0027equal\u0027, so they won\u0027t fail on i686 (#9286)\n* Fix path to icon (#9276)\n* adds note about fix in v4.5.2\n* skip NaN values when writing to graphite\n* addded mass units, #9265 (#9273)\n* Fully fill out nulls in cloudfront data source (#9268)\n* make it possible to configure sampler type\n* mark \u003e=400 responses as error\n* change port for jaeger dev container\n* logwrapper for jaeger\n* make samplerconfig.param configurable\n* adds custom tags from settings\n* use route as span name\n* add trace headers for outgoing requests\n* docker file for running jaeger\n* better formating for error trace\n* attach context with span to *http.Request\n* add traces for datasource reverse proxy requests\n* trace failed executions\n* use tags instead of logs\n* use opentracing ext package when possible\n* set example port to zipkin default\n* adds codahale to vendor\n* makes jaeger tracing configurable\n* add trace parameters for outgoing requests\n* adds basic traces using open traces\n* require dashboard panels to have id\n* fix: jsonData should not be allowed to be null, fixes #9258\n* packaging: reduce package size\n* Update upgrading.md (#9263)\n* Added --pluginUrl option to grafana-cli for local network plugin installation\n* adds note about closing #1395\n* add locale format\n* update changelog\n* fixes broken tests :boom:\n* minor code adjusetments\n* pass context to image uploaders\n* remove unused deps\n* Reduced OAuth scope to read_write\n* GCS support via JSON API\n* gofmt fixes\n* Added GCS support #8370\n* move more known datasources from others\n* Remove alert thresholds on panel duplicate, issue #9178 (#9257)\n* 4.5.1 docs + update version to 5.0.0-pre1\n* publish_both.sh update for 4.5.1\n* Update CHANGELOG.md\n* docs: updated changelog\n* packaging: reducing package size be only including public vendor stuff we need\n* docs: update download links\n* allow ssl renegotiation for datasources\n* check args for query\n* add test for completer\n* fix\n* follow token name change\n* (prometheus) support label value completion\n* (prometheus) support label name completion\n* get s3 url via aws-sdk-go, fix #9189\n* Prometheus: Rework the interaction between auto interval (computed based on graph resolution), min interval (where specified, per query) and intervalFactor (AKA resolution, where specified, per query). As a bonus, have and reflect the actual interval (not the auto interval), taking into account min interval and Prometheus\u0027 11k data points limit.\n* minor fix\n* (prometheus) support instant query for table format, use checkbox to switch query type\n* (prometheus) instant query support\n* Add thumbnail to card\n* Add values to the hipchat card\n* Reorder editorconfig\n* Enable datasources to be able to round off to a UTC day properly\n* Include triggering metrics to pagerduty alerts\n\nnovnc was updated to fix the following issue:\n\n- Add tightPNG encoding (bsc#1145796)\n This encoding is needed to allow noVNC to work with instances that\n run on ESX hypervisors. It is not possible to update the Newton package\n to noVNC 1.1.0 as that version is not supported with openstack-nova until Rocky.\n\nopenstack-keystone was updated to fix:\n\n- A domain_admin should be allowed to list role assignments for the\n domain and for all projects of this domain with a domain-scoped token.\n (bsc#1118159)\n\nopenstack-neutron was updated to fix:\n- Add path to not update device lists in large sets. (bsc#1136784)\n Since the ssh timeout issue was resolved, start adding back the removed\n patches. Backport based on comment #1.\n- Revert OVS timeout patch as it also seams to cause CI issues. (SOC-10092)\n- Since the CI failures are mostly seen in ha jobs, let us first\n try to revert the last added HA related patches. Once we nail\n down the issue, we can add one at a time. (SOC-10092)\n- Disallow router interface out of subnet IP range (bsc#1108033)\n- Fix for dhcp serializing port delete and network rpc calls (bsc#1143475)\n- Fixed a function call error with get_reader_session\n Fixed an argument issue with respect to Context not having \u0027bein\u0027\n function, we should have passed the session instead of context.\n Also fixed another function argument error with respect to\n \u0027is_ha_router_port\u0027. (bsc#1133722)\n- Divide and conquer local hridge flows beasts (bsc#1133722) \n- Choose random value for HA routes vr_id\n- Change duplicate OVS bridge datapath ids\n- Async notify neutron server for HA states\n- Divide and conquer security group beasts\n- Change default local ovs connection timeout (bsc#1136784)\n- Do not call update device list in large sets (bsc#1136784)\n- More accurate agent restart state transfer (bsc#1136784)\n- OVS agent: Always send start flag during initial sync (bsc#1136784)\n- Keep HA ports info for HA router during entire lifecycle\n- Packets getting lost during SNAT with too many connections\n- Don\u0027t restart neutron-ovs-cleanup on RPM update (bsc#1132860)\n- neutron-keepalived-state-change will check VIP before spawning ip monitor (bsc#1131961)\n- handle database query correctly\n- Fix the update port status issue without getting the ports to BUILD status.(bsc#1131053)\n\n- OVS Raise RuntimeError in_get_dp if id is None\n- OVS Survive errors from check ovs status\n- Trigger port status DOWN on VIF replug.patch\n- Fix dvr ha router gateway port binding to incorrect host\n- DVR HA Unbinding a HA router from agent does not clear HA interface\n- Don\u0027t trigger DVR port update if status the same\n- Add retry decorator update_segment_host_mapping (bsc#1127558)\n- Do state report after setting start flag on OVS restart\n\nopenstack-nova was updated to fix:\n\nSecurity issue fixed:\n\n- CVE-2016-10127: Fixed XXE in XML Parsing (bsc#1019074)\n\n- Allow to attach more than 26 volumes (bsc#1118900)\n\nopenstack-tempest was updated to fix:\n\n- Avoid server check teardown exception breaking tearDown (SOC 10092)\n\npython-urllib3 was updated to fix:\n\n- Add missing dependency on python-six (bsc#1150895)\n\nsleshammer was updated to fix:\n\n- Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay\n it was still present in the tarball. (SOC-9288)\n\nrubygem-chef was updated to fix:\n\n- pretty print inspect results and force encode the content (SOC-9954)\n\n- updated to version 1.0.0\n\n - Unmerge Arrays containing Hashes\n - Handle duplicate values in arrays correctly\n\nrubygem-easy_diff was updated to version 0.0.6\n\n- Fix merging arrays of hashes\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2671,SUSE-OpenStack-Cloud-7-2019-2671,SUSE-Storage-4-2019-2671",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2671-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2671-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192671-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2671-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-October/006017.html"
},
{
"category": "self",
"summary": "SUSE Bug 1019074",
"url": "https://bugzilla.suse.com/1019074"
},
{
"category": "self",
"summary": "SUSE Bug 1052286",
"url": "https://bugzilla.suse.com/1052286"
},
{
"category": "self",
"summary": "SUSE Bug 1106515",
"url": "https://bugzilla.suse.com/1106515"
},
{
"category": "self",
"summary": "SUSE Bug 1108033",
"url": "https://bugzilla.suse.com/1108033"
},
{
"category": "self",
"summary": "SUSE Bug 1115960",
"url": "https://bugzilla.suse.com/1115960"
},
{
"category": "self",
"summary": "SUSE Bug 1118159",
"url": "https://bugzilla.suse.com/1118159"
},
{
"category": "self",
"summary": "SUSE Bug 1118900",
"url": "https://bugzilla.suse.com/1118900"
},
{
"category": "self",
"summary": "SUSE Bug 1120657",
"url": "https://bugzilla.suse.com/1120657"
},
{
"category": "self",
"summary": "SUSE Bug 1127558",
"url": "https://bugzilla.suse.com/1127558"
},
{
"category": "self",
"summary": "SUSE Bug 1128954",
"url": "https://bugzilla.suse.com/1128954"
},
{
"category": "self",
"summary": "SUSE Bug 1128987",
"url": "https://bugzilla.suse.com/1128987"
},
{
"category": "self",
"summary": "SUSE Bug 1131053",
"url": "https://bugzilla.suse.com/1131053"
},
{
"category": "self",
"summary": "SUSE Bug 1131961",
"url": "https://bugzilla.suse.com/1131961"
},
{
"category": "self",
"summary": "SUSE Bug 1132860",
"url": "https://bugzilla.suse.com/1132860"
},
{
"category": "self",
"summary": "SUSE Bug 1133719",
"url": "https://bugzilla.suse.com/1133719"
},
{
"category": "self",
"summary": "SUSE Bug 1133722",
"url": "https://bugzilla.suse.com/1133722"
},
{
"category": "self",
"summary": "SUSE Bug 1136784",
"url": "https://bugzilla.suse.com/1136784"
},
{
"category": "self",
"summary": "SUSE Bug 1143475",
"url": "https://bugzilla.suse.com/1143475"
},
{
"category": "self",
"summary": "SUSE Bug 1145796",
"url": "https://bugzilla.suse.com/1145796"
},
{
"category": "self",
"summary": "SUSE Bug 1145867",
"url": "https://bugzilla.suse.com/1145867"
},
{
"category": "self",
"summary": "SUSE Bug 1148383",
"url": "https://bugzilla.suse.com/1148383"
},
{
"category": "self",
"summary": "SUSE Bug 1150895",
"url": "https://bugzilla.suse.com/1150895"
},
{
"category": "self",
"summary": "SUSE Bug 1152916",
"url": "https://bugzilla.suse.com/1152916"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10127 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15727 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19039 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-558213 page",
"url": "https://www.suse.com/security/cve/CVE-2018-558213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15043 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5477 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5477/"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10001",
"url": "https://bugzilla.suse.com/SOC-10001"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10010",
"url": "https://bugzilla.suse.com/SOC-10010"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10011",
"url": "https://bugzilla.suse.com/SOC-10011"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10092",
"url": "https://bugzilla.suse.com/SOC-10092"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10357",
"url": "https://bugzilla.suse.com/SOC-10357"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10505",
"url": "https://bugzilla.suse.com/SOC-10505"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10513",
"url": "https://bugzilla.suse.com/SOC-10513"
},
{
"category": "self",
"summary": "SUSE Bug SOC-10633",
"url": "https://bugzilla.suse.com/SOC-10633"
},
{
"category": "self",
"summary": "SUSE Bug SOC-9288",
"url": "https://bugzilla.suse.com/SOC-9288"
},
{
"category": "self",
"summary": "SUSE Bug SOC-9635",
"url": "https://bugzilla.suse.com/SOC-9635"
},
{
"category": "self",
"summary": "SUSE Bug SOC-9954",
"url": "https://bugzilla.suse.com/SOC-9954"
},
{
"category": "self",
"summary": "SUSE Bug SOC-9976",
"url": "https://bugzilla.suse.com/SOC-9976"
},
{
"category": "self",
"summary": "SUSE Bug SOC-9980",
"url": "https://bugzilla.suse.com/SOC-9980"
}
],
"title": "Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer",
"tracking": {
"current_release_date": "2019-10-15T12:46:16Z",
"generator": {
"date": "2019-10-15T12:46:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2671-1",
"initial_release_date": "2019-10-15T12:46:16Z",
"revision_history": [
{
"date": "2019-10-15T12:46:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product_id": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product_id": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product": {
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"product_id": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-4.6.5-1.11.2.aarch64",
"product": {
"name": "grafana-4.6.5-1.11.2.aarch64",
"product_id": "grafana-4.6.5-1.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "novnc-1.0.0-12.1.aarch64",
"product": {
"name": "novnc-1.0.0-12.1.aarch64",
"product_id": "novnc-1.0.0-12.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"product_id": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.aarch64",
"product_id": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.aarch64",
"product_id": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rubygem-chef-10.32.2-5.12.1.aarch64",
"product": {
"name": "rubygem-chef-10.32.2-5.12.1.aarch64",
"product_id": "rubygem-chef-10.32.2-5.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"product": {
"name": "crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"product_id": "crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"product": {
"name": "openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"product_id": "openstack-keystone-10.0.3~dev9-7.18.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"product": {
"name": "openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"product_id": "openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-test-10.0.3~dev9-7.18.2.noarch",
"product": {
"name": "openstack-keystone-test-10.0.3~dev9-7.18.2.noarch",
"product_id": "openstack-keystone-test-10.0.3~dev9-7.18.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"product": {
"name": "openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"product_id": "openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"product": {
"name": "openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"product_id": "openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"product": {
"name": "openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"product_id": "openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-server-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-test-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "openstack-neutron-test-9.4.2~dev21-7.32.1.noarch",
"product_id": "openstack-neutron-test-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-api-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-cells-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-cert-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-compute-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-console-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"product": {
"name": "openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"product_id": "openstack-nova-doc-14.0.11~dev13-4.34.2.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-network-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-network-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-network-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-test-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-test-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-test-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"product": {
"name": "openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"product_id": "openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"product": {
"name": "openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"product_id": "openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "openstack-xen-plugins-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "openstack-xen-plugins-14.0.11~dev13-4.34.3.noarch",
"product_id": "openstack-xen-plugins-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "python-keystone-10.0.3~dev9-7.18.2.noarch",
"product": {
"name": "python-keystone-10.0.3~dev9-7.18.2.noarch",
"product_id": "python-keystone-10.0.3~dev9-7.18.2.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-9.4.2~dev21-7.32.1.noarch",
"product": {
"name": "python-neutron-9.4.2~dev21-7.32.1.noarch",
"product_id": "python-neutron-9.4.2~dev21-7.32.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"product": {
"name": "python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"product_id": "python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch"
}
},
{
"category": "product_version",
"name": "python-nova-14.0.11~dev13-4.34.3.noarch",
"product": {
"name": "python-nova-14.0.11~dev13-4.34.3.noarch",
"product_id": "python-nova-14.0.11~dev13-4.34.3.noarch"
}
},
{
"category": "product_version",
"name": "python-pysaml2-4.0.2-3.11.3.noarch",
"product": {
"name": "python-pysaml2-4.0.2-3.11.3.noarch",
"product_id": "python-pysaml2-4.0.2-3.11.3.noarch"
}
},
{
"category": "product_version",
"name": "python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"product": {
"name": "python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"product_id": "python-tempest-12.2.1~a0~dev177-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python-urllib3-1.16-3.9.2.noarch",
"product": {
"name": "python-urllib3-1.16-3.9.2.noarch",
"product_id": "python-urllib3-1.16-3.9.2.noarch"
}
},
{
"category": "product_version",
"name": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"product": {
"name": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"product_id": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch"
}
},
{
"category": "product_version",
"name": "sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"product": {
"name": "sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"product_id": "sleshammer-ppc64le-0.7.0-0.18.12.3.noarch"
}
},
{
"category": "product_version",
"name": "sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"product": {
"name": "sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"product_id": "sleshammer-s390x-0.7.0-0.18.12.3.noarch"
}
},
{
"category": "product_version",
"name": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"product": {
"name": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"product_id": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product_id": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le"
}
},
{
"category": "product_version",
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product_id": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le"
}
},
{
"category": "product_version",
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product": {
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le",
"product_id": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-4.6.5-1.11.2.ppc64le",
"product": {
"name": "grafana-4.6.5-1.11.2.ppc64le",
"product_id": "grafana-4.6.5-1.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "novnc-1.0.0-12.1.ppc64le",
"product": {
"name": "novnc-1.0.0-12.1.ppc64le",
"product_id": "novnc-1.0.0-12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.ppc64le",
"product_id": "ruby2.1-rubygem-chef-10.32.2-5.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.ppc64le",
"product_id": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.ppc64le",
"product_id": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rubygem-chef-10.32.2-5.12.1.ppc64le",
"product": {
"name": "rubygem-chef-10.32.2-5.12.1.ppc64le",
"product_id": "rubygem-chef-10.32.2-5.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product_id": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x"
}
},
{
"category": "product_version",
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product_id": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x"
}
},
{
"category": "product_version",
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product": {
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"product_id": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-4.6.5-1.11.2.s390x",
"product": {
"name": "grafana-4.6.5-1.11.2.s390x",
"product_id": "grafana-4.6.5-1.11.2.s390x"
}
},
{
"category": "product_version",
"name": "novnc-1.0.0-12.1.s390x",
"product": {
"name": "novnc-1.0.0-12.1.s390x",
"product_id": "novnc-1.0.0-12.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"product": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"product_id": "ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.s390x",
"product": {
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.s390x",
"product_id": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.s390x",
"product": {
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.s390x",
"product_id": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rubygem-chef-10.32.2-5.12.1.s390x",
"product": {
"name": "rubygem-chef-10.32.2-5.12.1.s390x",
"product_id": "rubygem-chef-10.32.2-5.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product_id": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product_id": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product": {
"name": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"product_id": "crowbar-core-devel-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-4.6.5-1.11.2.x86_64",
"product": {
"name": "grafana-4.6.5-1.11.2.x86_64",
"product_id": "grafana-4.6.5-1.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "novnc-1.0.0-12.1.x86_64",
"product": {
"name": "novnc-1.0.0-12.1.x86_64",
"product_id": "novnc-1.0.0-12.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"product_id": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.x86_64",
"product_id": "ruby2.1-rubygem-chef-testsuite-10.32.2-5.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-easy_diff-doc-1.0.0-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.x86_64",
"product_id": "ruby2.1-rubygem-easy_diff-testsuite-1.0.0-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rubygem-chef-10.32.2-5.12.1.x86_64",
"product": {
"name": "rubygem-chef-10.32.2-5.12.1.x86_64",
"product_id": "rubygem-chef-10.32.2-5.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
},
"product_reference": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x"
},
"product_reference": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
},
"product_reference": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
},
"product_reference": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x"
},
"product_reference": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
},
"product_reference": "crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch"
},
"product_reference": "crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-4.6.5-1.11.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64"
},
"product_reference": "grafana-4.6.5-1.11.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "novnc-1.0.0-12.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64"
},
"product_reference": "novnc-1.0.0-12.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "novnc-1.0.0-12.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x"
},
"product_reference": "novnc-1.0.0-12.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "novnc-1.0.0-12.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64"
},
"product_reference": "novnc-1.0.0-12.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-10.0.3~dev9-7.18.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch"
},
"product_reference": "openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch"
},
"product_reference": "openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch"
},
"product_reference": "openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch"
},
"product_reference": "openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch"
},
"product_reference": "openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-server-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-api-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cells-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cert-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-compute-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-console-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-doc-14.0.11~dev13-4.34.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch"
},
"product_reference": "openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch"
},
"product_reference": "openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch"
},
"product_reference": "openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-10.0.3~dev9-7.18.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch"
},
"product_reference": "python-keystone-10.0.3~dev9-7.18.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-9.4.2~dev21-7.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch"
},
"product_reference": "python-neutron-9.4.2~dev21-7.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch"
},
"product_reference": "python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nova-14.0.11~dev13-4.34.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch"
},
"product_reference": "python-nova-14.0.11~dev13-4.34.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pysaml2-4.0.2-3.11.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch"
},
"product_reference": "python-pysaml2-4.0.2-3.11.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tempest-12.2.1~a0~dev177-4.6.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch"
},
"product_reference": "python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.16-3.9.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch"
},
"product_reference": "python-urllib3-1.16-3.9.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x"
},
"product_reference": "ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x"
},
"product_reference": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-chef-10.32.2-5.12.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64"
},
"product_reference": "rubygem-chef-10.32.2-5.12.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-chef-10.32.2-5.12.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x"
},
"product_reference": "rubygem-chef-10.32.2-5.12.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-chef-10.32.2-5.12.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64"
},
"product_reference": "rubygem-chef-10.32.2-5.12.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-ppc64le-0.7.0-0.18.12.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-s390x-0.7.0-0.18.12.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64"
},
"product_reference": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64"
},
"product_reference": "crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64"
},
"product_reference": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-chef-10.32.2-5.12.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64"
},
"product_reference": "rubygem-chef-10.32.2-5.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-chef-10.32.2-5.12.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64"
},
"product_reference": "rubygem-chef-10.32.2-5.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
},
"product_reference": "sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10127"
}
],
"notes": [
{
"category": "general",
"text": "PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10127",
"url": "https://www.suse.com/security/cve/CVE-2016-10127"
},
{
"category": "external",
"summary": "SUSE Bug 1019074 for CVE-2016-10127",
"url": "https://bugzilla.suse.com/1019074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "important"
}
],
"title": "CVE-2016-10127"
},
{
"cve": "CVE-2018-15727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15727"
}
],
"notes": [
{
"category": "general",
"text": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15727",
"url": "https://www.suse.com/security/cve/CVE-2018-15727"
},
{
"category": "external",
"summary": "SUSE Bug 1106515 for CVE-2018-15727",
"url": "https://bugzilla.suse.com/1106515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "important"
}
],
"title": "CVE-2018-15727"
},
{
"cve": "CVE-2018-19039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19039"
}
],
"notes": [
{
"category": "general",
"text": "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19039",
"url": "https://www.suse.com/security/cve/CVE-2018-19039"
},
{
"category": "external",
"summary": "SUSE Bug 1115960 for CVE-2018-19039",
"url": "https://bugzilla.suse.com/1115960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-19039"
},
{
"cve": "CVE-2018-558213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-558213"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-558213",
"url": "https://www.suse.com/security/cve/CVE-2018-558213"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "low"
}
],
"title": "CVE-2018-558213"
},
{
"cve": "CVE-2019-15043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15043"
}
],
"notes": [
{
"category": "general",
"text": "In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15043",
"url": "https://www.suse.com/security/cve/CVE-2019-15043"
},
{
"category": "external",
"summary": "SUSE Bug 1148383 for CVE-2019-15043",
"url": "https://bugzilla.suse.com/1148383"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "important"
}
],
"title": "CVE-2019-15043"
},
{
"cve": "CVE-2019-5477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5477"
}
],
"notes": [
{
"category": "general",
"text": "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby\u0027s `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5477",
"url": "https://www.suse.com/security/cve/CVE-2019-5477"
},
{
"category": "external",
"summary": "SUSE Bug 1146578 for CVE-2019-5477",
"url": "https://bugzilla.suse.com/1146578"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE Enterprise Storage 4:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE Enterprise Storage 4:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE Enterprise Storage 4:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE Enterprise Storage 4:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE Enterprise Storage 4:sleshammer-x86_64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.aarch64",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.s390x",
"SUSE OpenStack Cloud 7:crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1.x86_64",
"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1.noarch",
"SUSE OpenStack Cloud 7:grafana-4.6.5-1.11.2.x86_64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.aarch64",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.s390x",
"SUSE OpenStack Cloud 7:novnc-1.0.0-12.1.x86_64",
"SUSE OpenStack Cloud 7:openstack-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-keystone-doc-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-doc-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-ha-tool-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-l3-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-metering-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-neutron-server-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cells-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-cert-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-compute-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-conductor-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-console-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-consoleauth-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-doc-14.0.11~dev13-4.34.2.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-novncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-placement-api-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-scheduler-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-serialproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-nova-vncproxy-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:openstack-tempest-test-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-keystone-10.0.3~dev9-7.18.2.noarch",
"SUSE OpenStack Cloud 7:python-neutron-9.4.2~dev21-7.32.1.noarch",
"SUSE OpenStack Cloud 7:python-neutron-lbaas-9.2.2~dev11-4.18.3.noarch",
"SUSE OpenStack Cloud 7:python-nova-14.0.11~dev13-4.34.3.noarch",
"SUSE OpenStack Cloud 7:python-pysaml2-4.0.2-3.11.3.noarch",
"SUSE OpenStack Cloud 7:python-tempest-12.2.1~a0~dev177-4.6.3.noarch",
"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.9.2.noarch",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.aarch64",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.s390x",
"SUSE OpenStack Cloud 7:ruby2.1-rubygem-easy_diff-1.0.0-3.3.1.x86_64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.aarch64",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.s390x",
"SUSE OpenStack Cloud 7:rubygem-chef-10.32.2-5.12.1.x86_64",
"SUSE OpenStack Cloud 7:sleshammer-aarch64-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-ppc64le-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-s390x-0.7.0-0.18.12.3.noarch",
"SUSE OpenStack Cloud 7:sleshammer-x86_64-0.7.0-0.18.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-15T12:46:16Z",
"details": "important"
}
],
"title": "CVE-2019-5477"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…