Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-21703
Vulnerability from cvelistv5
Published
2022-02-08 20:40
Modified
2025-04-23 19:06
Severity ?
EPSS score ?
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:35.380Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-21703", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-23T14:11:04.630434Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-23T19:06:44.591Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "grafana", vendor: "grafana", versions: [ { status: "affected", version: ">= 3.0-beta1, < 7.5.15", }, { status: "affected", version: ">= 8.0.0, < 8.3.5", }, ], }, ], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352: Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-07T07:06:31.000Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/grafana/grafana/pull/45083", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], source: { advisory: "GHSA-cmf4-h3xc-jw8w", discovery: "UNKNOWN", }, title: "Cross Site Request Forgery in Grafana", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21703", STATE: "PUBLIC", TITLE: "Cross Site Request Forgery in Grafana", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 3.0-beta1, < 7.5.15", }, { version_value: ">= 8.0.0, < 8.3.5", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-352: Cross-Site Request Forgery (CSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { name: "https://github.com/grafana/grafana/pull/45083", refsource: "MISC", url: "https://github.com/grafana/grafana/pull/45083", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, source: { advisory: "GHSA-cmf4-h3xc-jw8w", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-21703", datePublished: "2022-02-08T20:40:10.000Z", dateReserved: "2021-11-16T00:00:00.000Z", dateUpdated: "2025-04-23T19:06:44.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-21703\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-08T21:15:20.150\",\"lastModified\":\"2024-11-21T06:45:16.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"Grafana es una plataforma de código abierto para la monitorización y la observabilidad. Las versiones afectadas están sujetas a una vulnerabilidad de tipo cross site request forgery que permite a atacantes elevar sus privilegios al montar ataques de origen cruzado contra usuarios autenticados de Grafana con altos privilegios (por ejemplo, editores o administradores). Un atacante puede explotar esta vulnerabilidad para una elevación de privilegios al engañar a un usuario autenticado para que invite al atacante como un nuevo usuario con altos privilegios. Se recomienda a usuarios actualizar lo antes posible. No hay medidas de mitigación adicionales conocidas para este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.1\",\"versionEndExcluding\":\"7.5.15\",\"matchCriteriaId\":\"1F2335D6-B310-42E7-8FC8-25B8E2264829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.3.5\",\"matchCriteriaId\":\"16145A8D-9FF1-4EEE-8E29-198B408582B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D738463C-2E39-42D3-A730-5A49594825CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"152CFB89-E06C-455E-8B72-016F44D33DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E44CD01-FC42-4A90-B976-87E65F3C3E44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B0D67F3-2D3C-4DB7-BF59-4719BCF8A613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"1804B55D-0FAA-4529-9749-8342A779430D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF5DF18-EAD2-4888-B1B7-0506C0F893EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"9376D16C-2453-4E08-981C-4789F741FA5E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"CC05F69D-6C6B-472D-87B7-84231F14CA8B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/grafana/grafana/pull/45083\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220303-0005/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/pull/45083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220303-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/grafana/grafana/pull/45083\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220303-0005/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\", \"name\": \"FEDORA-2022-83405f9d5b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\", \"name\": \"FEDORA-2022-9dd03cab55\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\", \"name\": \"FEDORA-2022-c5383675d9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T02:53:35.380Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-21703\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T14:11:04.630434Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T14:11:05.842Z\"}}], \"cna\": {\"title\": \"Cross Site Request Forgery in Grafana\", \"source\": {\"advisory\": \"GHSA-cmf4-h3xc-jw8w\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"grafana\", \"product\": \"grafana\", \"versions\": [{\"status\": \"affected\", \"version\": \">= 3.0-beta1, < 7.5.15\"}, {\"status\": \"affected\", \"version\": \">= 8.0.0, < 8.3.5\"}]}], \"references\": [{\"url\": \"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/grafana/grafana/pull/45083\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220303-0005/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\", \"name\": \"FEDORA-2022-83405f9d5b\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\", \"name\": \"FEDORA-2022-9dd03cab55\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\", \"name\": \"FEDORA-2022-c5383675d9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-05-07T07:06:31.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"GHSA-cmf4-h3xc-jw8w\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \">= 3.0-beta1, < 7.5.15\"}, {\"version_value\": \">= 8.0.0, < 8.3.5\"}]}, \"product_name\": \"grafana\"}]}, \"vendor_name\": \"grafana\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\", \"name\": \"https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\", \"name\": \"https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/grafana/grafana/pull/45083\", \"name\": \"https://github.com/grafana/grafana/pull/45083\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220303-0005/\", \"name\": \"https://security.netapp.com/advisory/ntap-20220303-0005/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\", \"name\": \"FEDORA-2022-83405f9d5b\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\", \"name\": \"FEDORA-2022-9dd03cab55\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\", \"name\": \"FEDORA-2022-c5383675d9\", \"refsource\": \"FEDORA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-21703\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cross Site Request Forgery in Grafana\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}", cveMetadata: "{\"cveId\": \"CVE-2022-21703\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T19:06:44.591Z\", \"dateReserved\": \"2021-11-16T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-02-08T20:40:10.000Z\", \"assignerShortName\": \"GitHub_M\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2022_8057
Vulnerability from csaf_redhat
Published
2022-11-15 10:31
Modified
2025-01-06 19:21
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8057", url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2104367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8057.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-01-06T19:21:49+00:00", generator: { date: "2025-01-06T19:21:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2022:8057", initial_release_date: "2022-11-15T10:31:43+00:00", revision_history: [ { date: "2022-11-15T10:31:43+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-15T10:31:43+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:21:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.src", product: { name: "grafana-0:7.5.15-3.el9.src", product_id: "grafana-0:7.5.15-3.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.aarch64", product: { name: "grafana-0:7.5.15-3.el9.aarch64", product_id: "grafana-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-0:7.5.15-3.el9.ppc64le", product_id: "grafana-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.x86_64", product: { name: "grafana-0:7.5.15-3.el9.x86_64", product_id: "grafana-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.s390x", product: { name: "grafana-0:7.5.15-3.el9.s390x", product_id: "grafana-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", }, product_reference: "grafana-0:7.5.15-3.el9.src", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
RHSA-2022:7519
Vulnerability from csaf_redhat
Published
2022-11-08 09:34
Modified
2025-05-01 15:22
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7519", url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055348", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055348", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7519.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-05-01T15:22:03+00:00", generator: { date: "2025-05-01T15:22:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:7519", initial_release_date: "2022-11-08T09:34:04+00:00", revision_history: [ { date: "2022-11-08T09:34:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-08T09:34:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-01T15:22:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.src", product: { name: "grafana-0:7.5.15-3.el8.src", product_id: "grafana-0:7.5.15-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.aarch64", product: { name: "grafana-0:7.5.15-3.el8.aarch64", product_id: "grafana-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-0:7.5.15-3.el8.ppc64le", product_id: "grafana-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.x86_64", product: { name: "grafana-0:7.5.15-3.el8.x86_64", product_id: "grafana-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.s390x", product: { name: "grafana-0:7.5.15-3.el8.s390x", product_id: "grafana-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", }, product_reference: "grafana-0:7.5.15-3.el8.src", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
RHSA-2022:8057
Vulnerability from csaf_redhat
Published
2022-11-15 10:31
Modified
2025-05-01 15:22
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8057", url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2104367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8057.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-05-01T15:22:37+00:00", generator: { date: "2025-05-01T15:22:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:8057", initial_release_date: "2022-11-15T10:31:43+00:00", revision_history: [ { date: "2022-11-15T10:31:43+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-15T10:31:43+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-01T15:22:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.src", product: { name: "grafana-0:7.5.15-3.el9.src", product_id: "grafana-0:7.5.15-3.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.aarch64", product: { name: "grafana-0:7.5.15-3.el9.aarch64", product_id: "grafana-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-0:7.5.15-3.el9.ppc64le", product_id: "grafana-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.x86_64", product: { name: "grafana-0:7.5.15-3.el9.x86_64", product_id: "grafana-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.s390x", product: { name: "grafana-0:7.5.15-3.el9.s390x", product_id: "grafana-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", }, product_reference: "grafana-0:7.5.15-3.el9.src", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
rhsa-2022:7519
Vulnerability from csaf_redhat
Published
2022-11-08 09:34
Modified
2025-05-01 15:22
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7519", url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055348", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055348", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7519.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-05-01T15:22:03+00:00", generator: { date: "2025-05-01T15:22:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:7519", initial_release_date: "2022-11-08T09:34:04+00:00", revision_history: [ { date: "2022-11-08T09:34:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-08T09:34:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-01T15:22:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.src", product: { name: "grafana-0:7.5.15-3.el8.src", product_id: "grafana-0:7.5.15-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.aarch64", product: { name: "grafana-0:7.5.15-3.el8.aarch64", product_id: "grafana-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-0:7.5.15-3.el8.ppc64le", product_id: "grafana-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.x86_64", product: { name: "grafana-0:7.5.15-3.el8.x86_64", product_id: "grafana-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.s390x", product: { name: "grafana-0:7.5.15-3.el8.s390x", product_id: "grafana-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", }, product_reference: "grafana-0:7.5.15-3.el8.src", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
rhsa-2022:8057
Vulnerability from csaf_redhat
Published
2022-11-15 10:31
Modified
2025-05-01 15:22
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:8057", url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2104367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8057.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-05-01T15:22:37+00:00", generator: { date: "2025-05-01T15:22:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:8057", initial_release_date: "2022-11-15T10:31:43+00:00", revision_history: [ { date: "2022-11-15T10:31:43+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-15T10:31:43+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-01T15:22:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.src", product: { name: "grafana-0:7.5.15-3.el9.src", product_id: "grafana-0:7.5.15-3.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.aarch64", product: { name: "grafana-0:7.5.15-3.el9.aarch64", product_id: "grafana-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-0:7.5.15-3.el9.ppc64le", product_id: "grafana-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.x86_64", product: { name: "grafana-0:7.5.15-3.el9.x86_64", product_id: "grafana-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el9.s390x", product: { name: "grafana-0:7.5.15-3.el9.s390x", product_id: "grafana-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", }, product_reference: "grafana-0:7.5.15-3.el9.src", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.aarch64", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.s390x", relates_to_product_reference: "AppStream-9.1.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el9.x86_64", relates_to_product_reference: "AppStream-9.1.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-15T10:31:43+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:8057", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
rhsa-2022_7519
Vulnerability from csaf_redhat
Published
2022-11-08 09:34
Modified
2025-01-06 19:21
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:7519", url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", }, { category: "external", summary: "2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "2055348", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2055348", }, { category: "external", summary: "2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7519.json", }, ], title: "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", tracking: { current_release_date: "2025-01-06T19:21:44+00:00", generator: { date: "2025-01-06T19:21:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2022:7519", initial_release_date: "2022-11-08T09:34:04+00:00", revision_history: [ { date: "2022-11-08T09:34:04+00:00", number: "1", summary: "Initial version", }, { date: "2022-11-08T09:34:04+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:21:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.src", product: { name: "grafana-0:7.5.15-3.el8.src", product_id: "grafana-0:7.5.15-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.aarch64", product: { name: "grafana-0:7.5.15-3.el8.aarch64", product_id: "grafana-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=aarch64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-0:7.5.15-3.el8.ppc64le", product_id: "grafana-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_id: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.x86_64", product: { name: "grafana-0:7.5.15-3.el8.x86_64", product_id: "grafana-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_id: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "grafana-0:7.5.15-3.el8.s390x", product: { name: "grafana-0:7.5.15-3.el8.s390x", product_id: "grafana-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_id: "grafana-debuginfo-0:7.5.15-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", }, product_reference: "grafana-0:7.5.15-3.el8.src", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.aarch64", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.s390x", relates_to_product_reference: "AppStream-8.7.0.GA", }, { category: "default_component_of", full_product_name: { name: "grafana-debuginfo-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", }, product_reference: "grafana-debuginfo-0:7.5.15-3.el8.x86_64", relates_to_product_reference: "AppStream-8.7.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23648", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-03-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2065290", }, ], notes: [ { category: "description", text: "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", title: "Vulnerability description", }, { category: "summary", text: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23648", }, { category: "external", summary: "RHBZ#2065290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23648", url: "https://www.cve.org/CVERecord?id=CVE-2021-23648", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", }, { category: "external", summary: "https://github.com/braintree/sanitize-url/pull/40", url: "https://github.com/braintree/sanitize-url/pull/40", }, { category: "external", summary: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", url: "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-21673", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2022-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2044628", }, ], notes: [ { category: "description", text: "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", title: "Vulnerability description", }, { category: "summary", text: "grafana: Forward OAuth Identity Token can allow users to access some data sources", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "RHBZ#2044628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21673", url: "https://www.cve.org/CVERecord?id=CVE-2022-21673", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", }, { category: "external", summary: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", url: "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", }, ], release_date: "2022-01-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: Forward OAuth Identity Token can allow users to access some data sources", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-21702", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050648", }, ], notes: [ { category: "description", text: "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", title: "Vulnerability description", }, { category: "summary", text: "grafana: XSS vulnerability in data source handling", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "RHBZ#2050648", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21702", url: "https://www.cve.org/CVERecord?id=CVE-2022-21702", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", url: "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: XSS vulnerability in data source handling", }, { cve: "CVE-2022-21703", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050742", }, ], notes: [ { category: "description", text: "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", title: "Vulnerability description", }, { category: "summary", text: "grafana: CSRF vulnerability can lead to privilege escalation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "RHBZ#2050742", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21703", url: "https://www.cve.org/CVERecord?id=CVE-2022-21703", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: CSRF vulnerability can lead to privilege escalation", }, { cve: "CVE-2022-21713", cwe: { id: "CWE-425", name: "Direct Request ('Forced Browsing')", }, discovery_date: "2022-01-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050743", }, ], notes: [ { category: "description", text: "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", title: "Vulnerability description", }, { category: "summary", text: "grafana: IDOR vulnerability can lead to information disclosure", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "RHBZ#2050743", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21713", url: "https://www.cve.org/CVERecord?id=CVE-2022-21713", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", }, { category: "external", summary: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", url: "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", }, { category: "external", summary: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, ], release_date: "2022-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "grafana: IDOR vulnerability can lead to information disclosure", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-11-08T09:34:04+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:7519", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
WID-SEC-W-2022-0407
Vulnerability from csaf_certbund
Published
2022-02-08 23:00
Modified
2024-01-23 23:00
Summary
Grafana: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Grafana ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um Administratorrechte zu erlangen und um Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Grafana ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um Administratorrechte zu erlangen und um Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0407 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0407.json", }, { category: "self", summary: "WID-SEC-2022-0407 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0407", }, { category: "external", summary: "Grafana 7.5.15 and 8.3.5 released vom 2022-02-08", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:0751-1 vom 2022-03-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010387.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:1396-1 vom 2022-04-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-116 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-116/index.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:2134-1 vom 2022-06-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3676-1 vom 2022-10-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3765-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012701.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08", url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15", url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0191-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html", }, ], source_lang: "en-US", title: "Grafana: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-23T23:00:00.000+00:00", generator: { date: "2024-08-15T17:28:56.132+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0407", initial_release_date: "2022-02-08T23:00:00.000+00:00", revision_history: [ { date: "2022-02-08T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-03-08T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-04-10T22:00:00.000+00:00", number: "3", summary: "Referenz(en) aufgenommen: FEDORA-2022-83405F9D5B, FEDORA-2022-9DD03CAB55, FEDORA-2022-C5383675D9", }, { date: "2022-04-25T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-06-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-10-20T22:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-10-26T22:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-11-08T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-11-15T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-01-23T23:00:00.000+00:00", number: "11", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source Grafana < 7.5.15", product: { name: "Open Source Grafana < 7.5.15", product_id: "T022023", product_identification_helper: { cpe: "cpe:/a:grafana:grafana:7.5.15", }, }, }, { category: "product_name", name: "Open Source Grafana < 8.3.5", product: { name: "Open Source Grafana < 8.3.5", product_id: "T022024", product_identification_helper: { cpe: "cpe:/a:grafana:grafana:8.3.5", }, }, }, ], category: "product_name", name: "Grafana", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21702", notes: [ { category: "description", text: "In Grafana existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden bezüglich der Datenquellen nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", "67646", "T017562", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grafana aufgrund einer Cross-Site Request Forgery Problematik. Ein Angreifer kann durch einen CSRF Angriff einen Administrator dazu bringen, eine Einladung vom Grafana Server aus zu versenden. In der Folge erhält der Angreifer ein privilegiertes Nutzerkonto. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", "67646", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grafana bezüglich verschiedener API Endpunkte unter \"/teams\". Ein Angreifer kann dadurch Informationen offenlegen.", }, ], product_status: { known_affected: [ "T002207", "67646", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21713", }, ], }
wid-sec-w-2022-0407
Vulnerability from csaf_certbund
Published
2022-02-08 23:00
Modified
2024-01-23 23:00
Summary
Grafana: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Grafana ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um Administratorrechte zu erlangen und um Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Grafana ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um Administratorrechte zu erlangen und um Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows\n- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-0407 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0407.json", }, { category: "self", summary: "WID-SEC-2022-0407 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0407", }, { category: "external", summary: "Grafana 7.5.15 and 8.3.5 released vom 2022-02-08", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:0751-1 vom 2022-03-08", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010387.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:1396-1 vom 2022-04-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2022-116 vom 2022-05-27", url: "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-116/index.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:2134-1 vom 2022-06-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3676-1 vom 2022-10-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3765-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012701.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08", url: "https://access.redhat.com/errata/RHSA-2022:7519", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15", url: "https://access.redhat.com/errata/RHSA-2022:8057", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0191-1 vom 2024-01-23", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html", }, ], source_lang: "en-US", title: "Grafana: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-23T23:00:00.000+00:00", generator: { date: "2024-08-15T17:28:56.132+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-0407", initial_release_date: "2022-02-08T23:00:00.000+00:00", revision_history: [ { date: "2022-02-08T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-03-08T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-04-10T22:00:00.000+00:00", number: "3", summary: "Referenz(en) aufgenommen: FEDORA-2022-83405F9D5B, FEDORA-2022-9DD03CAB55, FEDORA-2022-C5383675D9", }, { date: "2022-04-25T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-05-26T22:00:00.000+00:00", number: "5", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2022-06-20T22:00:00.000+00:00", number: "6", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-10-20T22:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-10-26T22:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2022-11-08T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-11-15T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-01-23T23:00:00.000+00:00", number: "11", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T017562", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source Grafana < 7.5.15", product: { name: "Open Source Grafana < 7.5.15", product_id: "T022023", product_identification_helper: { cpe: "cpe:/a:grafana:grafana:7.5.15", }, }, }, { category: "product_name", name: "Open Source Grafana < 8.3.5", product: { name: "Open Source Grafana < 8.3.5", product_id: "T022024", product_identification_helper: { cpe: "cpe:/a:grafana:grafana:8.3.5", }, }, }, ], category: "product_name", name: "Grafana", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21702", notes: [ { category: "description", text: "In Grafana existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden bezüglich der Datenquellen nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", "67646", "T017562", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grafana aufgrund einer Cross-Site Request Forgery Problematik. Ein Angreifer kann durch einen CSRF Angriff einen Administrator dazu bringen, eine Einladung vom Grafana Server aus zu versenden. In der Folge erhält der Angreifer ein privilegiertes Nutzerkonto. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", "67646", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Grafana bezüglich verschiedener API Endpunkte unter \"/teams\". Ein Angreifer kann dadurch Informationen offenlegen.", }, ], product_status: { known_affected: [ "T002207", "67646", ], }, release_date: "2022-02-08T23:00:00.000+00:00", title: "CVE-2022-21713", }, ], }
gsd-2022-21703
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-21703", description: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", id: "GSD-2022-21703", references: [ "https://www.suse.com/security/cve/CVE-2022-21703.html", "https://access.redhat.com/errata/RHSA-2022:7519", "https://access.redhat.com/errata/RHSA-2022:8057", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-21703", ], details: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", id: "GSD-2022-21703", modified: "2023-12-13T01:19:13.888455Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21703", STATE: "PUBLIC", TITLE: "Cross Site Request Forgery in Grafana", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grafana", version: { version_data: [ { version_value: ">= 3.0-beta1, < 7.5.15", }, { version_value: ">= 8.0.0, < 8.3.5", }, ], }, }, ], }, vendor_name: "grafana", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-352: Cross-Site Request Forgery (CSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", refsource: "CONFIRM", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { name: "https://github.com/grafana/grafana/pull/45083", refsource: "MISC", url: "https://github.com/grafana/grafana/pull/45083", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, source: { advisory: "GHSA-cmf4-h3xc-jw8w", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.3.5", versionStartIncluding: "8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.5.15", versionStartIncluding: "3.0.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-21703", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-352", }, { lang: "en", value: "CWE-352", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/grafana/grafana/pull/45083", refsource: "MISC", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { name: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", refsource: "MISC", tags: [ "Mitigation", "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { name: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", refsource: "CONFIRM", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0005/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { name: "FEDORA-2022-83405f9d5b", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { name: "FEDORA-2022-9dd03cab55", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { name: "FEDORA-2022-c5383675d9", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2022-09-10T02:41Z", publishedDate: "2022-02-08T21:15Z", }, }, }
suse-su-2022:1396-1
Vulnerability from csaf_suse
Published
2022-04-25 14:43
Modified
2022-04-25 14:43
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
grafana:
- Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage
for SLE15 (bsc#1197579)
- Version 4.2.7-1
* Fix installation problem for SLE15SP4 due missing python-selinux
mgr-osad:
- Version 4.2.8-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
mgr-push:
- Version 4.2.5-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
mgr-virtualization:
- Version 4.2.4-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
prometheus-postgres_exporter:
- Version 0.10.0
* Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400)
* Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051)
rhnlib:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
spacecmd:
- Version 4.2.16-1
* implement system.bootstrap (bsc#1194909)
* Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363)
spacewalk-client-tools:
- Version 4.2.18-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
- Version 4.2.17-1
* Update translation strings
spacewalk-koan:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
spacewalk-oscap:
- Version 4.2.4-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
suseRegisterInfo:
- Version 4.2.6-1
* Fix the condition for preventing building python 2 subpackage
for SLE15
Patchnames
SUSE-2022-1396,SUSE-SLE-Manager-Tools-15-2022-1396,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396,openSUSE-SLE-15.3-2022-1396,openSUSE-SLE-15.4-2022-1396
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\ngrafana:\n\n- Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources\n (bsc#1195726, CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability\n (bsc#1195727, CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713)\n- Update to Go 1.17.\n- Add build-time dependency on `wire`.\n- Update license to GNU Affero General Public License v3.0.\n- Update to version 8.3.4\n * GetUserInfo: return an error if no user was found\n (bsc#1194873, CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user\n cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group\n bys.\n * Configuration: You can now see your expired API keys if you\n have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single\n field.\n * Export: Fix error being thrown when exporting dashboards\n using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and\n name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields\n when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes & changes:\n * Toolkit: Revert build config so tslib is bundled with plugins\n to prevent plugins from crashing.\n- Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions\n in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from\n 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the\n manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in\n InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser\n and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with\n multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed\n variables.\n * Variables: Fix so queryparam option works for scoped\n- Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n- Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n- Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they\n contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels' shared tooltip in edit\n panel.\n * Visualizations: Limit y label width to 40% of visualization\n width.\n * Alerting: Clear alerting rule evaluation errors after\n intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only\n sets color.\n- Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that\n do not use legacy alerting.\n * Keep Last State for 'If execution error or timeout' when\n upgrading to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns\n error.\n * Alerting: Make Unified Alerting enabled by default for those\n who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api\n for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data\n sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and\n JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo\n and Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access\n mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring\n spanIDs.\n * Tracing: Show start time of trace with milliseconds\n precision.\n * Variables: Make renamed or missing variable section\n expandable.\n * Select: Select menus now properly scroll during keyboard\n navigation.\n- Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom\n annotations and labels.\n * Alerting: Make alert state indicator in panel header work\n with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT\n auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max\n concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram\n aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in\n the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels\n between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating\n PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in\n Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to\n Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via\n legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don't apply field config defaults to time\n fields.\n * Variables: Only update panels that are impacted by variable\n change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data\n source.\n * Azure monitor: Make sure alert rule editor is not enabled\n when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to\n CodeEditor.\n * Dashboard: Remove the current panel from the list of options\n in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query\n endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n- Update to version 8.2.7\n- Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of\n unrelated series.\n- Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string\n was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert\n rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL\n queries.\n * Dashboards: 'Copy' is no longer added to new dashboard\n titles.\n * DataProxy: Fix overriding response body when response is a\n WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field\n for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property\n set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n- Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n- Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n- Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource\n filter query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them\n more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge,\n bar gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack's API sends unexpected\n response.\n * Alerting: The Create Alert button now appears on the\n dashboard panel when you are working with a default\n datasource.\n * Explore: We fixed the problem where the Explore log panel\n disappears when an Elasticsearch logs query returns no\n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is\n parsed to an object.\n * Prometheus: We fixed the issue where the system did not reuse\n TCP connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error\n when a user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not\n properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data\n min = data max.\n * Table panel: You can now create a filter that includes\n special characters.\n- Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not\n found.\n * Packaging: Remove systemcallfilters sections from systemd\n unit files.\n * Prometheus: Add Headers to HTTP client options.\n- Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so\n notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in\n Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console\n errors.\n- Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data\n source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using\n configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value\n store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is\n necessary to specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in\n Flux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end\n timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact\n with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you\n tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8\n alert rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event\n propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even\n though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables\n with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip\n error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use\n resultFormat.\n * Loki: Fixed creating context query for logs with parsed\n labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after\n an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not\n showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh\n pages when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc\n variable in data links.\n- Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access\n for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names,\n and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and\n Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them\n easier to locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal\n Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor\n Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request\n fails in ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs\n in logs.\n * CloudWatch Logs: Disable query path using websockets (Live)\n feature.\n * CloudWatch/Logs: Don't group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one\n query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource\n responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard's QueryRows component.\n * Explore: Support custom display label for derived fields\n buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in\n tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing\n library elements.\n * LibraryPanels: Remove library panel icon from the panel\n header so you can no longer tell that a panel is a library\n panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting\n in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to\n backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in\n XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user's current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the\n dashboard's folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in 'Add threshold'.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip\n is set to All.\n * Grafana UI: Fix TS error property css is missing in type.\n- Update to version 8.1.8\n- Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n- Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n- Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n- Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses 'Repeat For'.\n- Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n 'results' to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to\n fix CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric\n values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being\n created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed\n correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n- Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible\n Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix 'Actual' size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n- Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n- Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in\n everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana\n v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not\n load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting ->\n Normal.\n * PasswordField: Prevent a password from being displayed when\n you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n- Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list\n filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all\n required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that\n failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time\n intervals).\n- Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication\n proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in\n sample.ini.\n * Explore: Fix encoding of internal URLs.\n- Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any 'evaluate for' value >=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for 'label_values(log stream selector,\n label)' in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don't mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode 'All' for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Toolkit: Improve error messages when tasks fail.\n- Update to version 8.0.7\n- Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to 'Time' for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add 'prepare time series' transformer.\n- Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it's hidden in\n the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n- Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n- Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n- Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n- Update to version 8.0.1\n * Alerting/SSE: Fix 'count_non_null' reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n- Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n GET /dashboards/db/:slug\n GET /dashboard-solo/db/:slug\n GET /api/dashboard/db/:slug\n DELETE /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n- Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now\n POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n- Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint & unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity & line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes 'error while loading library panels'.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n- Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU\n Affero General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox & FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won't link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property 'length' of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates & errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don't return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get\n the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext\n (breaking change).\n- Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\nmgr-cfg:\n\n- Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15 (bsc#1197579)\n- Version 4.2.7-1\n * Fix installation problem for SLE15SP4 due missing python-selinux\n\nmgr-osad:\n\n- Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nmgr-push:\n\n- Version 4.2.5-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nmgr-virtualization:\n\n- Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nprometheus-postgres_exporter:\n\n- Version 0.10.0\n * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400)\n * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051)\n\nrhnlib:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nspacecmd:\n\n- Version 4.2.16-1\n * implement system.bootstrap (bsc#1194909)\n * Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363)\n\nspacewalk-client-tools:\n\n- Version 4.2.18-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n- Version 4.2.17-1\n * Update translation strings\n\nspacewalk-koan:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nspacewalk-oscap:\n\n- Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\nsuseRegisterInfo:\n\n- Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage\n for SLE15\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1396,SUSE-SLE-Manager-Tools-15-2022-1396,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396,openSUSE-SLE-15.3-2022-1396,openSUSE-SLE-15.4-2022-1396", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1396-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1396-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221396-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1396-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html", }, { category: "self", summary: "SUSE Bug 1181400", url: "https://bugzilla.suse.com/1181400", }, { category: "self", summary: "SUSE Bug 1194363", url: "https://bugzilla.suse.com/1194363", }, { category: "self", summary: "SUSE Bug 1194873", url: "https://bugzilla.suse.com/1194873", }, { category: "self", summary: "SUSE Bug 1194909", url: "https://bugzilla.suse.com/1194909", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE Bug 1197579", url: "https://bugzilla.suse.com/1197579", }, { category: "self", summary: "SUSE CVE CVE-2021-36222 page", url: "https://www.suse.com/security/cve/CVE-2021-36222/", }, { category: "self", summary: "SUSE CVE CVE-2021-3711 page", url: "https://www.suse.com/security/cve/CVE-2021-3711/", }, { category: "self", summary: "SUSE CVE CVE-2021-39226 page", url: "https://www.suse.com/security/cve/CVE-2021-39226/", }, { category: "self", summary: "SUSE CVE CVE-2021-41174 page", url: "https://www.suse.com/security/cve/CVE-2021-41174/", }, { category: "self", summary: "SUSE CVE CVE-2021-41244 page", url: "https://www.suse.com/security/cve/CVE-2021-41244/", }, { category: "self", summary: "SUSE CVE CVE-2021-43798 page", url: "https://www.suse.com/security/cve/CVE-2021-43798/", }, { category: "self", summary: "SUSE CVE CVE-2021-43813 page", url: "https://www.suse.com/security/cve/CVE-2021-43813/", }, { category: "self", summary: "SUSE CVE CVE-2021-43815 page", url: "https://www.suse.com/security/cve/CVE-2021-43815/", }, { category: "self", summary: "SUSE CVE CVE-2022-21673 page", url: "https://www.suse.com/security/cve/CVE-2022-21673/", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2022-04-25T14:43:36Z", generator: { date: "2022-04-25T14:43:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1396-1", initial_release_date: "2022-04-25T14:43:36Z", revision_history: [ { date: "2022-04-25T14:43:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.3.5-150000.1.30.1.aarch64", product: { name: "grafana-8.3.5-150000.1.30.1.aarch64", product_id: "grafana-8.3.5-150000.1.30.1.aarch64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", product: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", product_id: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", }, }, { category: "product_version", name: "uyuni-base-common-4.2.3-150000.1.6.1.aarch64", product: { name: "uyuni-base-common-4.2.3-150000.1.6.1.aarch64", product_id: "uyuni-base-common-4.2.3-150000.1.6.1.aarch64", }, }, { category: "product_version", name: "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64", product: { name: "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64", product_id: "uyuni-base-proxy-4.2.3-150000.1.6.1.aarch64", }, }, { category: "product_version", name: "uyuni-base-server-4.2.3-150000.1.6.1.aarch64", product: { name: "uyuni-base-server-4.2.3-150000.1.6.1.aarch64", product_id: "uyuni-base-server-4.2.3-150000.1.6.1.aarch64", }, }, { category: "product_version", name: "wire-0.5.0-150000.1.3.1.aarch64", product: { name: "wire-0.5.0-150000.1.3.1.aarch64", product_id: "wire-0.5.0-150000.1.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150000.1.30.1.i586", product: { name: "grafana-8.3.5-150000.1.30.1.i586", product_id: "grafana-8.3.5-150000.1.30.1.i586", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586", product: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586", product_id: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.i586", }, }, { category: "product_version", name: "uyuni-base-common-4.2.3-150000.1.6.1.i586", product: { name: "uyuni-base-common-4.2.3-150000.1.6.1.i586", product_id: "uyuni-base-common-4.2.3-150000.1.6.1.i586", }, }, { category: "product_version", name: "uyuni-base-proxy-4.2.3-150000.1.6.1.i586", product: { name: "uyuni-base-proxy-4.2.3-150000.1.6.1.i586", product_id: "uyuni-base-proxy-4.2.3-150000.1.6.1.i586", }, }, { category: "product_version", name: "uyuni-base-server-4.2.3-150000.1.6.1.i586", product: { name: "uyuni-base-server-4.2.3-150000.1.6.1.i586", product_id: "uyuni-base-server-4.2.3-150000.1.6.1.i586", }, }, { category: "product_version", name: "wire-0.5.0-150000.1.3.1.i586", product: { name: "wire-0.5.0-150000.1.3.1.i586", product_id: "wire-0.5.0-150000.1.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "mgr-cfg-4.2.8-150000.1.24.1.noarch", product: { name: "mgr-cfg-4.2.8-150000.1.24.1.noarch", product_id: "mgr-cfg-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", product: { name: "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", product_id: "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-client-4.2.8-150000.1.24.1.noarch", product: { name: "mgr-cfg-client-4.2.8-150000.1.24.1.noarch", product_id: "mgr-cfg-client-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "mgr-cfg-management-4.2.8-150000.1.24.1.noarch", product: { name: "mgr-cfg-management-4.2.8-150000.1.24.1.noarch", product_id: "mgr-cfg-management-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", product: { name: "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", product_id: "mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", }, }, { category: "product_version", name: "mgr-osad-4.2.8-150000.1.36.1.noarch", product: { name: "mgr-osad-4.2.8-150000.1.36.1.noarch", product_id: "mgr-osad-4.2.8-150000.1.36.1.noarch", }, }, { category: "product_version", name: "mgr-push-4.2.5-150000.1.18.2.noarch", product: { name: "mgr-push-4.2.5-150000.1.18.2.noarch", product_id: "mgr-push-4.2.5-150000.1.18.2.noarch", }, }, { category: "product_version", name: "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", product: { name: "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", product_id: "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", product: { name: "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", product_id: "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", product: { name: "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", product_id: "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", product: { name: "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", product_id: "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", product: { name: "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", product_id: "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", product: { name: "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", product_id: "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", product: { name: "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", product_id: "python3-mgr-osa-dispatcher-4.2.8-150000.1.36.1.noarch", }, }, { category: "product_version", name: "python3-mgr-osad-4.2.8-150000.1.36.1.noarch", product: { name: "python3-mgr-osad-4.2.8-150000.1.36.1.noarch", product_id: "python3-mgr-osad-4.2.8-150000.1.36.1.noarch", }, }, { category: "product_version", name: "python3-mgr-push-4.2.5-150000.1.18.2.noarch", product: { name: "python3-mgr-push-4.2.5-150000.1.18.2.noarch", product_id: "python3-mgr-push-4.2.5-150000.1.18.2.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", product: { name: "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", product_id: "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", }, }, { category: "product_version", name: "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", product: { name: "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", product_id: "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", }, }, { category: "product_version", name: "python3-rhnlib-4.2.6-150000.3.34.1.noarch", product: { name: "python3-rhnlib-4.2.6-150000.3.34.1.noarch", product_id: "python3-rhnlib-4.2.6-150000.3.34.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", product: { name: "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", product_id: "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", product: { name: "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", product_id: "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", product: { name: "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", product_id: "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", product: { name: "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", product_id: "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", product: { name: "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", product_id: "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", }, }, { category: "product_version", name: "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", product: { name: "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", product_id: "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.16-150000.3.77.1.noarch", product: { name: "spacecmd-4.2.16-150000.3.77.1.noarch", product_id: "spacecmd-4.2.16-150000.3.77.1.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.18-150000.3.59.1.noarch", product: { name: "spacewalk-check-4.2.18-150000.3.59.1.noarch", product_id: "spacewalk-check-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", product: { name: "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", product_id: "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", product: { name: "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", product_id: "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", }, }, { category: "product_version", name: "spacewalk-koan-4.2.6-150000.3.27.1.noarch", product: { name: "spacewalk-koan-4.2.6-150000.3.27.1.noarch", product_id: "spacewalk-koan-4.2.6-150000.3.27.1.noarch", }, }, { category: "product_version", name: "spacewalk-oscap-4.2.4-150000.3.18.1.noarch", product: { name: "spacewalk-oscap-4.2.4-150000.3.18.1.noarch", product_id: "spacewalk-oscap-4.2.4-150000.3.18.1.noarch", }, }, { category: "product_version", name: "suseRegisterInfo-4.2.6-150000.3.21.1.noarch", product: { name: "suseRegisterInfo-4.2.6-150000.3.21.1.noarch", product_id: "suseRegisterInfo-4.2.6-150000.3.21.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150000.1.30.1.ppc64le", product: { name: "grafana-8.3.5-150000.1.30.1.ppc64le", product_id: "grafana-8.3.5-150000.1.30.1.ppc64le", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", product: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", product_id: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", }, }, { category: "product_version", name: "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le", product: { name: "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le", product_id: "uyuni-base-common-4.2.3-150000.1.6.1.ppc64le", }, }, { category: "product_version", name: "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le", product: { name: "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le", product_id: "uyuni-base-proxy-4.2.3-150000.1.6.1.ppc64le", }, }, { category: "product_version", name: "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le", product: { name: "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le", product_id: "uyuni-base-server-4.2.3-150000.1.6.1.ppc64le", }, }, { category: "product_version", name: "wire-0.5.0-150000.1.3.1.ppc64le", product: { name: "wire-0.5.0-150000.1.3.1.ppc64le", product_id: "wire-0.5.0-150000.1.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150000.1.30.1.s390x", product: { name: "grafana-8.3.5-150000.1.30.1.s390x", product_id: "grafana-8.3.5-150000.1.30.1.s390x", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", product: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", product_id: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", }, }, { category: "product_version", name: "uyuni-base-common-4.2.3-150000.1.6.1.s390x", product: { name: "uyuni-base-common-4.2.3-150000.1.6.1.s390x", product_id: "uyuni-base-common-4.2.3-150000.1.6.1.s390x", }, }, { category: "product_version", name: "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x", product: { name: "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x", product_id: "uyuni-base-proxy-4.2.3-150000.1.6.1.s390x", }, }, { category: "product_version", name: "uyuni-base-server-4.2.3-150000.1.6.1.s390x", product: { name: "uyuni-base-server-4.2.3-150000.1.6.1.s390x", product_id: "uyuni-base-server-4.2.3-150000.1.6.1.s390x", }, }, { category: "product_version", name: "wire-0.5.0-150000.1.3.1.s390x", product: { name: "wire-0.5.0-150000.1.3.1.s390x", product_id: "wire-0.5.0-150000.1.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150000.1.30.1.x86_64", product: { name: "grafana-8.3.5-150000.1.30.1.x86_64", product_id: "grafana-8.3.5-150000.1.30.1.x86_64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", product: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", product_id: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", }, }, { category: "product_version", name: "uyuni-base-common-4.2.3-150000.1.6.1.x86_64", product: { name: "uyuni-base-common-4.2.3-150000.1.6.1.x86_64", product_id: "uyuni-base-common-4.2.3-150000.1.6.1.x86_64", }, }, { category: "product_version", name: "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64", product: { name: "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64", product_id: "uyuni-base-proxy-4.2.3-150000.1.6.1.x86_64", }, }, { category: "product_version", name: "uyuni-base-server-4.2.3-150000.1.6.1.x86_64", product: { name: "uyuni-base-server-4.2.3-150000.1.6.1.x86_64", product_id: "uyuni-base-server-4.2.3-150000.1.6.1.x86_64", }, }, { category: "product_version", name: "wire-0.5.0-150000.1.3.1.x86_64", product: { name: "wire-0.5.0-150000.1.3.1.x86_64", product_id: "wire-0.5.0-150000.1.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 15", product: { name: "SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15", }, }, { category: "product_name", name: "SUSE Manager Server Module 4.2", product: { name: "SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.2", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", }, product_reference: "grafana-8.3.5-150000.1.30.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150000.1.30.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", }, product_reference: "grafana-8.3.5-150000.1.30.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150000.1.30.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", }, product_reference: "grafana-8.3.5-150000.1.30.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", }, product_reference: "grafana-8.3.5-150000.1.30.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", }, product_reference: "mgr-cfg-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", }, product_reference: "mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-client-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", }, product_reference: "mgr-cfg-client-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-management-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", }, product_reference: "mgr-cfg-management-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-osad-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", }, product_reference: "mgr-osad-4.2.8-150000.1.36.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.2.5-150000.1.18.2.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", }, product_reference: "mgr-push-4.2.5-150000.1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", }, product_reference: "mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", }, product_reference: "python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", }, product_reference: "python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", }, product_reference: "python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", }, product_reference: "python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", }, product_reference: "python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-osad-4.2.8-150000.1.36.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", }, product_reference: "python3-mgr-osad-4.2.8-150000.1.36.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-push-4.2.5-150000.1.18.2.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", }, product_reference: "python3-mgr-push-4.2.5-150000.1.18.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", }, product_reference: "python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", }, product_reference: "python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.6-150000.3.34.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", }, product_reference: "python3-rhnlib-4.2.6-150000.3.34.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", }, product_reference: "python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", }, product_reference: "python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", }, product_reference: "python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", }, product_reference: "python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", }, product_reference: "python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.16-150000.3.77.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", }, product_reference: "spacecmd-4.2.16-150000.3.77.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", }, product_reference: "spacewalk-check-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", }, product_reference: "spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", }, product_reference: "spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-koan-4.2.6-150000.3.27.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", }, product_reference: "spacewalk-koan-4.2.6-150000.3.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacewalk-oscap-4.2.4-150000.3.18.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", }, product_reference: "spacewalk-oscap-4.2.4-150000.3.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "suseRegisterInfo-4.2.6-150000.3.21.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", }, product_reference: "suseRegisterInfo-4.2.6-150000.3.21.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", }, product_reference: "prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "python3-rhnlib-4.2.6-150000.3.34.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", }, product_reference: "python3-rhnlib-4.2.6-150000.3.34.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.16-150000.3.77.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", }, product_reference: "spacecmd-4.2.16-150000.3.77.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-36222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-36222", }, ], notes: [ { category: "general", text: "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-36222", url: "https://www.suse.com/security/cve/CVE-2021-36222", }, { category: "external", summary: "SUSE Bug 1188571 for CVE-2021-36222", url: "https://bugzilla.suse.com/1188571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "important", }, ], title: "CVE-2021-36222", }, { cve: "CVE-2021-3711", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3711", }, ], notes: [ { category: "general", text: "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3711", url: "https://www.suse.com/security/cve/CVE-2021-3711", }, { category: "external", summary: "SUSE Bug 1189520 for CVE-2021-3711", url: "https://bugzilla.suse.com/1189520", }, { category: "external", summary: "SUSE Bug 1190129 for CVE-2021-3711", url: "https://bugzilla.suse.com/1190129", }, { category: "external", summary: "SUSE Bug 1192100 for CVE-2021-3711", url: "https://bugzilla.suse.com/1192100", }, { category: "external", summary: "SUSE Bug 1205663 for CVE-2021-3711", url: "https://bugzilla.suse.com/1205663", }, { category: "external", summary: "SUSE Bug 1225628 for CVE-2021-3711", url: "https://bugzilla.suse.com/1225628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "critical", }, ], title: "CVE-2021-3711", }, { cve: "CVE-2021-39226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39226", }, ], notes: [ { category: "general", text: "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-39226", url: "https://www.suse.com/security/cve/CVE-2021-39226", }, { category: "external", summary: "SUSE Bug 1191454 for CVE-2021-39226", url: "https://bugzilla.suse.com/1191454", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "important", }, ], title: "CVE-2021-39226", }, { cve: "CVE-2021-41174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41174", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41174", url: "https://www.suse.com/security/cve/CVE-2021-41174", }, { category: "external", summary: "SUSE Bug 1192383 for CVE-2021-41174", url: "https://bugzilla.suse.com/1192383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2021-41174", }, { cve: "CVE-2021-41244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41244", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41244", url: "https://www.suse.com/security/cve/CVE-2021-41244", }, { category: "external", summary: "SUSE Bug 1192763 for CVE-2021-41244", url: "https://bugzilla.suse.com/1192763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "critical", }, ], title: "CVE-2021-41244", }, { cve: "CVE-2021-43798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43798", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43798", url: "https://www.suse.com/security/cve/CVE-2021-43798", }, { category: "external", summary: "SUSE Bug 1193492 for CVE-2021-43798", url: "https://bugzilla.suse.com/1193492", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "important", }, ], title: "CVE-2021-43798", }, { cve: "CVE-2021-43813", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43813", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43813", url: "https://www.suse.com/security/cve/CVE-2021-43813", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193686", }, { category: "external", summary: "SUSE Bug 1193688 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2021-43813", }, { cve: "CVE-2021-43815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43815", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43815", url: "https://www.suse.com/security/cve/CVE-2021-43815", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43815", url: "https://bugzilla.suse.com/1193686", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2021-43815", }, { cve: "CVE-2022-21673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21673", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21673", url: "https://www.suse.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "SUSE Bug 1194873 for CVE-2022-21673", url: "https://bugzilla.suse.com/1194873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2022-21673", }, { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.aarch64", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.ppc64le", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.s390x", "SUSE Manager Client Tools 15:grafana-8.3.5-150000.1.30.1.x86_64", "SUSE Manager Client Tools 15:mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Client Tools 15:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "SUSE Manager Client Tools 15:python3-mgr-cfg-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-actions-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-client-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-cfg-management-4.2.8-150000.1.24.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osa-common-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-osad-4.2.8-150000.1.36.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-push-4.2.5-150000.1.18.2.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-common-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-mgr-virtualization-host-4.2.4-150000.1.26.1.noarch", "SUSE Manager Client Tools 15:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:python3-spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:python3-suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Client Tools 15:spacecmd-4.2.16-150000.3.77.1.noarch", "SUSE Manager Client Tools 15:spacewalk-check-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-setup-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-client-tools-4.2.18-150000.3.59.1.noarch", "SUSE Manager Client Tools 15:spacewalk-koan-4.2.6-150000.3.27.1.noarch", "SUSE Manager Client Tools 15:spacewalk-oscap-4.2.4-150000.3.18.1.noarch", "SUSE Manager Client Tools 15:suseRegisterInfo-4.2.6-150000.3.21.1.noarch", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "SUSE Manager Server Module 4.2:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.aarch64", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.ppc64le", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.s390x", "openSUSE Leap 15.3:prometheus-postgres_exporter-0.10.0-150000.1.3.1.x86_64", "openSUSE Leap 15.3:python3-rhnlib-4.2.6-150000.3.34.1.noarch", "openSUSE Leap 15.3:spacecmd-4.2.16-150000.3.77.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-04-25T14:43:36Z", details: "moderate", }, ], title: "CVE-2022-21713", }, ], }
suse-su-2022:3676-1
Vulnerability from csaf_suse
Published
2022-10-20 11:40
Modified
2022-10-20 11:40
Summary
Security update for grafana
Notes
Title of the patch
Security update for grafana
Description of the patch
This update for grafana fixes the following issues:
Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):
- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
- CVE-2021-41244: Fixed incorrect access control vulnerability(bsc#1192763).
- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).
Patchnames
SUSE-2022-3676,SUSE-Storage-6-2022-3676
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\nUpdated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565): \n \n- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596). \n- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597). \n- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539). \n- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535). \n- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726). \n- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727). \n- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728). \n- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873). \n- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686). \n- CVE-2021-41244: Fixed incorrect access control vulnerability(bsc#1192763). \n- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383). \n- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520). \n- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571). \n- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492). \n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3676,SUSE-Storage-6-2022-3676", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3676-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3676-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223676-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3676-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html", }, { category: "self", summary: "SUSE Bug 1188571", url: "https://bugzilla.suse.com/1188571", }, { category: "self", summary: "SUSE Bug 1189520", url: "https://bugzilla.suse.com/1189520", }, { category: "self", summary: "SUSE Bug 1192383", url: "https://bugzilla.suse.com/1192383", }, { category: "self", summary: "SUSE Bug 1192763", url: "https://bugzilla.suse.com/1192763", }, { category: "self", summary: "SUSE Bug 1193492", url: "https://bugzilla.suse.com/1193492", }, { category: "self", summary: "SUSE Bug 1193686", url: "https://bugzilla.suse.com/1193686", }, { category: "self", summary: "SUSE Bug 1194873", url: "https://bugzilla.suse.com/1194873", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE Bug 1201535", url: "https://bugzilla.suse.com/1201535", }, { category: "self", summary: "SUSE Bug 1201539", url: "https://bugzilla.suse.com/1201539", }, { category: "self", summary: "SUSE Bug 1203596", url: "https://bugzilla.suse.com/1203596", }, { category: "self", summary: "SUSE Bug 1203597", url: "https://bugzilla.suse.com/1203597", }, { category: "self", summary: "SUSE CVE CVE-2021-36222 page", url: "https://www.suse.com/security/cve/CVE-2021-36222/", }, { category: "self", summary: "SUSE CVE CVE-2021-3711 page", url: "https://www.suse.com/security/cve/CVE-2021-3711/", }, { category: "self", summary: "SUSE CVE CVE-2021-41174 page", url: "https://www.suse.com/security/cve/CVE-2021-41174/", }, { category: "self", summary: "SUSE CVE CVE-2021-41244 page", url: "https://www.suse.com/security/cve/CVE-2021-41244/", }, { category: "self", summary: "SUSE CVE CVE-2021-43798 page", url: "https://www.suse.com/security/cve/CVE-2021-43798/", }, { category: "self", summary: "SUSE CVE CVE-2021-43815 page", url: "https://www.suse.com/security/cve/CVE-2021-43815/", }, { category: "self", summary: "SUSE CVE CVE-2022-21673 page", url: "https://www.suse.com/security/cve/CVE-2022-21673/", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, { category: "self", summary: "SUSE CVE CVE-2022-31097 page", url: "https://www.suse.com/security/cve/CVE-2022-31097/", }, { category: "self", summary: "SUSE CVE CVE-2022-31107 page", url: "https://www.suse.com/security/cve/CVE-2022-31107/", }, { category: "self", summary: "SUSE CVE CVE-2022-35957 page", url: "https://www.suse.com/security/cve/CVE-2022-35957/", }, { category: "self", summary: "SUSE CVE CVE-2022-36062 page", url: "https://www.suse.com/security/cve/CVE-2022-36062/", }, ], title: "Security update for grafana", tracking: { current_release_date: "2022-10-20T11:40:04Z", generator: { date: "2022-10-20T11:40:04Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3676-1", initial_release_date: "2022-10-20T11:40:04Z", revision_history: [ { date: "2022-10-20T11:40:04Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.5.13-150100.3.12.1.aarch64", product: { name: "grafana-8.5.13-150100.3.12.1.aarch64", product_id: "grafana-8.5.13-150100.3.12.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.5.13-150100.3.12.1.x86_64", product: { name: "grafana-8.5.13-150100.3.12.1.x86_64", product_id: "grafana-8.5.13-150100.3.12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Enterprise Storage 6", product: { name: "SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6", product_identification_helper: { cpe: "cpe:/o:suse:ses:6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-8.5.13-150100.3.12.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", }, product_reference: "grafana-8.5.13-150100.3.12.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "grafana-8.5.13-150100.3.12.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", }, product_reference: "grafana-8.5.13-150100.3.12.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, ], }, vulnerabilities: [ { cve: "CVE-2021-36222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-36222", }, ], notes: [ { category: "general", text: "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-36222", url: "https://www.suse.com/security/cve/CVE-2021-36222", }, { category: "external", summary: "SUSE Bug 1188571 for CVE-2021-36222", url: "https://bugzilla.suse.com/1188571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "important", }, ], title: "CVE-2021-36222", }, { cve: "CVE-2021-3711", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3711", }, ], notes: [ { category: "general", text: "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3711", url: "https://www.suse.com/security/cve/CVE-2021-3711", }, { category: "external", summary: "SUSE Bug 1189520 for CVE-2021-3711", url: "https://bugzilla.suse.com/1189520", }, { category: "external", summary: "SUSE Bug 1190129 for CVE-2021-3711", url: "https://bugzilla.suse.com/1190129", }, { category: "external", summary: "SUSE Bug 1192100 for CVE-2021-3711", url: "https://bugzilla.suse.com/1192100", }, { category: "external", summary: "SUSE Bug 1205663 for CVE-2021-3711", url: "https://bugzilla.suse.com/1205663", }, { category: "external", summary: "SUSE Bug 1225628 for CVE-2021-3711", url: "https://bugzilla.suse.com/1225628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "critical", }, ], title: "CVE-2021-3711", }, { cve: "CVE-2021-41174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41174", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41174", url: "https://www.suse.com/security/cve/CVE-2021-41174", }, { category: "external", summary: "SUSE Bug 1192383 for CVE-2021-41174", url: "https://bugzilla.suse.com/1192383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2021-41174", }, { cve: "CVE-2021-41244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41244", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41244", url: "https://www.suse.com/security/cve/CVE-2021-41244", }, { category: "external", summary: "SUSE Bug 1192763 for CVE-2021-41244", url: "https://bugzilla.suse.com/1192763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "critical", }, ], title: "CVE-2021-41244", }, { cve: "CVE-2021-43798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43798", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43798", url: "https://www.suse.com/security/cve/CVE-2021-43798", }, { category: "external", summary: "SUSE Bug 1193492 for CVE-2021-43798", url: "https://bugzilla.suse.com/1193492", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "important", }, ], title: "CVE-2021-43798", }, { cve: "CVE-2021-43815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43815", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43815", url: "https://www.suse.com/security/cve/CVE-2021-43815", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43815", url: "https://bugzilla.suse.com/1193686", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2021-43815", }, { cve: "CVE-2022-21673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21673", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21673", url: "https://www.suse.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "SUSE Bug 1194873 for CVE-2022-21673", url: "https://bugzilla.suse.com/1194873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-21673", }, { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-21713", }, { cve: "CVE-2022-31097", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31097", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31097", url: "https://www.suse.com/security/cve/CVE-2022-31097", }, { category: "external", summary: "SUSE Bug 1201535 for CVE-2022-31097", url: "https://bugzilla.suse.com/1201535", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "important", }, ], title: "CVE-2022-31097", }, { cve: "CVE-2022-31107", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31107", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31107", url: "https://www.suse.com/security/cve/CVE-2022-31107", }, { category: "external", summary: "SUSE Bug 1201539 for CVE-2022-31107", url: "https://bugzilla.suse.com/1201539", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "important", }, ], title: "CVE-2022-31107", }, { cve: "CVE-2022-35957", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35957", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-35957", url: "https://www.suse.com/security/cve/CVE-2022-35957", }, { category: "external", summary: "SUSE Bug 1203597 for CVE-2022-35957", url: "https://bugzilla.suse.com/1203597", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-35957", }, { cve: "CVE-2022-36062", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-36062", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-36062", url: "https://www.suse.com/security/cve/CVE-2022-36062", }, { category: "external", summary: "SUSE Bug 1203596 for CVE-2022-36062", url: "https://bugzilla.suse.com/1203596", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.aarch64", "SUSE Enterprise Storage 6:grafana-8.5.13-150100.3.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-20T11:40:04Z", details: "moderate", }, ], title: "CVE-2022-36062", }, ], }
suse-su-2022:3765-1
Vulnerability from csaf_suse
Published
2022-10-26 09:17
Modified
2022-10-26 09:17
Summary
Security update for grafana
Notes
Title of the patch
Security update for grafana
Description of the patch
This update for grafana fixes the following issues:
Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).
Patchnames
SUSE-2022-3765,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765,openSUSE-SLE-15.3-2022-3765,openSUSE-SLE-15.4-2022-3765
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\n Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):\n\n - CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).\n - CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).\n - CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).\n - CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).\n - CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).\n\n ", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3765,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765,openSUSE-SLE-15.3-2022-3765,openSUSE-SLE-15.4-2022-3765", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3765-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3765-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223765-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3765-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012701.html", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE Bug 1201535", url: "https://bugzilla.suse.com/1201535", }, { category: "self", summary: "SUSE Bug 1201539", url: "https://bugzilla.suse.com/1201539", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, { category: "self", summary: "SUSE CVE CVE-2022-31097 page", url: "https://www.suse.com/security/cve/CVE-2022-31097/", }, { category: "self", summary: "SUSE CVE CVE-2022-31107 page", url: "https://www.suse.com/security/cve/CVE-2022-31107/", }, ], title: "Security update for grafana", tracking: { current_release_date: "2022-10-26T09:17:37Z", generator: { date: "2022-10-26T09:17:37Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3765-1", initial_release_date: "2022-10-26T09:17:37Z", revision_history: [ { date: "2022-10-26T09:17:37Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.3.10-150200.3.26.1.aarch64", product: { name: "grafana-8.3.10-150200.3.26.1.aarch64", product_id: "grafana-8.3.10-150200.3.26.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.3.10-150200.3.26.1.i586", product: { name: "grafana-8.3.10-150200.3.26.1.i586", product_id: "grafana-8.3.10-150200.3.26.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grafana-8.3.10-150200.3.26.1.ppc64le", product: { name: "grafana-8.3.10-150200.3.26.1.ppc64le", product_id: "grafana-8.3.10-150200.3.26.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-8.3.10-150200.3.26.1.s390x", product: { name: "grafana-8.3.10-150200.3.26.1.s390x", product_id: "grafana-8.3.10-150200.3.26.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-8.3.10-150200.3.26.1.x86_64", product: { name: "grafana-8.3.10-150200.3.26.1.x86_64", product_id: "grafana-8.3.10-150200.3.26.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP4", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP4", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", }, product_reference: "grafana-8.3.10-150200.3.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP4", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", }, product_reference: "grafana-8.3.10-150200.3.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP4", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", }, product_reference: "grafana-8.3.10-150200.3.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP4", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", }, product_reference: "grafana-8.3.10-150200.3.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", }, product_reference: "grafana-8.3.10-150200.3.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", }, product_reference: "grafana-8.3.10-150200.3.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", }, product_reference: "grafana-8.3.10-150200.3.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", }, product_reference: "grafana-8.3.10-150200.3.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", }, product_reference: "grafana-8.3.10-150200.3.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", }, product_reference: "grafana-8.3.10-150200.3.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", }, product_reference: "grafana-8.3.10-150200.3.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.10-150200.3.26.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", }, product_reference: "grafana-8.3.10-150200.3.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T09:17:37Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T09:17:37Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T09:17:37Z", details: "moderate", }, ], title: "CVE-2022-21713", }, { cve: "CVE-2022-31097", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31097", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31097", url: "https://www.suse.com/security/cve/CVE-2022-31097", }, { category: "external", summary: "SUSE Bug 1201535 for CVE-2022-31097", url: "https://bugzilla.suse.com/1201535", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T09:17:37Z", details: "important", }, ], title: "CVE-2022-31097", }, { cve: "CVE-2022-31107", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31107", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31107", url: "https://www.suse.com/security/cve/CVE-2022-31107", }, { category: "external", summary: "SUSE Bug 1201539 for CVE-2022-31107", url: "https://bugzilla.suse.com/1201539", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP4:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.3:grafana-8.3.10-150200.3.26.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.s390x", "openSUSE Leap 15.4:grafana-8.3.10-150200.3.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T09:17:37Z", details: "important", }, ], title: "CVE-2022-31107", }, ], }
suse-fu-2022:1419-1
Vulnerability from csaf_suse
Published
2022-04-27 07:20
Modified
2022-04-27 07:20
Summary
Feature update for grafana
Notes
Title of the patch
Feature update for grafana
Description of the patch
This update for grafana fixes the following issues:
Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)
- Security:
* CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)
* CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)
* CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
* CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
* CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.
* Upgrade Docker base image to Alpine 3.14.3.
* CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions
* Update dependencies to fix CVE-2021-36222.
* Upgrade Go to 1.17.2.
* Fix stylesheet injection vulnerability.
* Fix short URL vulnerability.
- License update:
* AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).
- Breaking changes:
* Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.
* Fix No Data behaviour in Legacy Alerting.
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
* `GET /dashboards/db/:slug`
* `GET /dashboard-solo/db/:slug`
* `GET /api/dashboard/db/:slug`
* `DELETE /api/dashboards/db/:slug`
* The default HTTP method for Prometheus data source is now POST.
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
- Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
- Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group bys.
* Configuration: You can now see your expired API keys if you have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single field.
* Export: Fix error when exporting dashboards using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of `$__rate_interval` variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.
* Variables: Fix so data source variables are added to adhoc configuration.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with multiple fields.
* TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed variables.
* Variables: Fix so queryparam option works for scoped variables.
* Alerting: Clear alerting rule evaluation errors after intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only sets color.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring spanIDs.
* Tracing: Show start time of trace with milliseconds precision.
* Variables: Make renamed or missing variable section expandable.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data source.
* Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.
* Dashboard: Remove the current panel from the list of options in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS field.
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
* Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL queries.
* Dashboards: 'Copy' is no longer added to new dashboard titles.
* DataProxy: Fix overriding response body when response is a WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.
* Explore: Fix running queries without a datasource property set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
* Alerting: Fix panic when Slack's API sends unexpected response.
* Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is parsed to an object.
* Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.
* Prometheus: error when a user created a query with a `$__interval` min step.
* RowsToFields: the system was not properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data min = data max.
* Table panel: You can now create a filter that includes special characters.
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not found.
* Packaging: Remove systemcallfilters sections from systemd unit files.
* Prometheus: Add Headers to HTTP client options.
* CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.
* Alerting: Fixed the silence file content generated during migration.
* Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use resultFormat.
* Loki: Fixed creating context query for logs with parsed labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable
input.
* Variables: Panel no longer crash when using the adhoc variable in data links.
* Admin: Prevent user from deleting user's current/active organization.
* LibraryPanels: Fix library panel getting saved in the dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
* BarChart: Fixes panel error that happens on second refresh.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
* Prometheus: Fix validate selector in metrics browser.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Elasticsearch: Fix metric names for alert queries.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* CloudWatch Logs: Fix crash when no region is selected.
* Annotations: Correct annotations that are displayed upon page refresh.
* Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.
* Annotations: Fix data source template variable that was not available for annotations.
* AzureMonitor: Fix annotations query editor that does not load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list response.
* Loki: Update labels in log browser when time range changes in dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting -> Normal.
* PasswordField: Prevent a password from being displayed when you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Docker: Fix builds by delaying go mod verify until all required files are copied over.
* Exemplars: Fix disable exemplars only on the query that failed.
* SQL: Fix SQL dataframe resampling (fill mode + time intervals).
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
results.
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
created.
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
dashboard.
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
responses.
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
fields.
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
load.
* Variables: Refreshes all panels even if panel is full screen.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
set.
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Variables: Refreshes all panels even if panel is full screen.
* Alerting: Fix NoDataFound for alert rules using AND operator.
- Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource migration.
* BarChart: Use new data error view component to show actions in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic
* Alerting: Prevent folders from being deleted when they contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit panel.
* Visualizations: Limit y label width to 40% of visualization width.
* Alerting: Create DatasourceError alert if evaluation returns error.
* Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data sources and to the changelog.
* Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo and Zipkin.
* Alerting: Add UI for contact point testing with custom annotations and labels.
* Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time fields.
* Variables: Only update panels that are impacted by variable change.
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource filter query.
* Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in
LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.
* Alerting: Allows more characters in label names so notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with special characters.
* AccessControl: Document new permissions restricting data source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using configuration options.
* Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and
disabling them for specific organisations.
* CloudWatch: Introduced new math expression where it is necessary to specify the period field.
* InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them easier to locate.
* Alerting: Support org level isolation of notification configuration.
* AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.
* CloudWatch Logs: Disable query path using websockets (Live) feature.
* CloudWatch/Logs: Don't group dataframes for non time series queries.
* Cloudwatch: Migrate queries that use multiple stats to one query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource responses.
* Explore: Add filter by trace or span ID to trace to logs feature.
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing library elements.
* LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a
library panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Add stricter systemd unit options.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in everywhere.
* TimeRangePicker: Improve accessibility.
* Alerting: Support label matcher syntax in alert rule list filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Alerting: Expand the value string in alert annotations and labels.
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication proxy.
* Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
configuration.
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
Monitor Logs.
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
navigation.
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
metrics.
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
editor.
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
source.
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
queries.
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
- Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.
* Select: Select menus now properly scroll during keyboard navigation.
* grafana/ui: Enable slider marks display.
* Plugins: Create a mock icon component to prevent console errors.
* Grafana UI: Fix TS error property css is missing in type.
* Toolkit: Fix matchMedia not found error.
* Toolkit: Improve error messages when tasks fail.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
* QueryField: Remove carriage return character from pasted text.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).
- Other changes:
* Update to Go 1.17.
* Add build-time dependency on `wire`.
Patchnames
SUSE-2022-1419,openSUSE-SLE-15.3-2022-1419,openSUSE-SLE-15.4-2022-1419
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Feature update for grafana", title: "Title of the patch", }, { category: "description", text: "This update for grafana fixes the following issues:\n\nUpdate from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)\n\n- Security:\n\n * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)\n * CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)\n * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)\n * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)\n * CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.\n * Upgrade Docker base image to Alpine 3.14.3.\n * CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions\n * Update dependencies to fix CVE-2021-36222.\n * Upgrade Go to 1.17.2.\n * Fix stylesheet injection vulnerability.\n * Fix short URL vulnerability.\n\n- License update:\n * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).\n\n- Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.\n * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.\n * Fix No Data behaviour in Legacy Alerting.\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n * `GET /dashboards/db/:slug`\n * `GET /dashboard-solo/db/:slug`\n * `GET /api/dashboard/db/:slug`\n * `DELETE /api/dashboards/db/:slug`\n * The default HTTP method for Prometheus data source is now POST.\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n\n- Deprecations:\n * The InfoBox & FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n\n- Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group bys.\n * Configuration: You can now see your expired API keys if you have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single field.\n * Export: Fix error when exporting dashboards using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of `$__rate_interval` variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc configuration.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed variables.\n * Variables: Fix so queryparam option works for scoped variables.\n * Alerting: Clear alerting rule evaluation errors after intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only sets color.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring spanIDs.\n * Tracing: Show start time of trace with milliseconds precision.\n * Variables: Make renamed or missing variable section expandable.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data source.\n * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.\n * Dashboard: Remove the current panel from the list of options in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS field.\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.\n * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL queries.\n * Dashboards: 'Copy' is no longer added to new dashboard titles.\n * DataProxy: Fix overriding response body when response is a WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n * Alerting: Fix panic when Slack's API sends unexpected response.\n * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default \n datasource.\n * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no \n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is parsed to an object.\n * Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.\n * Prometheus: error when a user created a query with a `$__interval` min step.\n * RowsToFields: the system was not properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data min = data max.\n * Table panel: You can now create a filter that includes special characters.\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not found.\n * Packaging: Remove systemcallfilters sections from systemd unit files.\n * Prometheus: Add Headers to HTTP client options.\n * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.\n * Alerting: Fixed the silence file content generated during migration.\n * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use resultFormat.\n * Loki: Fixed creating context query for logs with parsed labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable \n input.\n * Variables: Panel no longer crash when using the adhoc variable in data links.\n * Admin: Prevent user from deleting user's current/active organization.\n * LibraryPanels: Fix library panel getting saved in the dashboard's folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in 'Add threshold'.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n * BarChart: Fixes panel error that happens on second refresh.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses 'Repeat For'.\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n 'results' to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Elasticsearch: Fix metric names for alert queries.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix 'Actual' size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * CloudWatch Logs: Fix crash when no region is selected.\n * Annotations: Correct annotations that are displayed upon page refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.\n * Annotations: Fix data source template variable that was not available for annotations.\n * AzureMonitor: Fix annotations query editor that does not load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list response.\n * Loki: Update labels in log browser when time range changes in dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -> Normal.\n * PasswordField: Prevent a password from being displayed when you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Docker: Fix builds by delaying go mod verify until all required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time intervals).\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode 'All' for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to 'Time' for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n results.\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add 'prepare time series' transformer.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n created.\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n dashboard.\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n * Alerting/SSE: Fix 'count_non_null' reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n responses.\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n fields.\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes 'error while loading library panels'.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n load.\n * Variables: Refreshes all panels even if panel is full screen.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won't link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property 'length' of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n set.\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates & errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don't return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Variables: Refreshes all panels even if panel is full screen.\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\n- Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource migration.\n * BarChart: Use new data error view component to show actions in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic\n * Alerting: Prevent folders from being deleted when they contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels' shared tooltip in edit panel.\n * Visualizations: Limit y label width to 40% of visualization width.\n * Alerting: Create DatasourceError alert if evaluation returns error.\n * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo and Zipkin.\n * Alerting: Add UI for contact point testing with custom annotations and labels.\n * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don't apply field config defaults to time fields.\n * Variables: Only update panels that are impacted by variable change.\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource filter query.\n * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in \n LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.\n * Alerting: Allows more characters in label names so notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with special characters.\n * AccessControl: Document new permissions restricting data source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and \n disabling them for specific organisations.\n * CloudWatch: Introduced new math expression where it is necessary to specify the period field.\n * InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them easier to locate.\n * Alerting: Support org level isolation of notification configuration.\n * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.\n * CloudWatch Logs: Disable query path using websockets (Live) feature.\n * CloudWatch/Logs: Don't group dataframes for non time series queries.\n * Cloudwatch: Migrate queries that use multiple stats to one query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource responses.\n * Explore: Add filter by trace or span ID to trace to logs feature.\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard's QueryRows component.\n * Explore: Support custom display label for derived fields buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing library elements.\n * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a \n library panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Add stricter systemd unit options.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in everywhere.\n * TimeRangePicker: Improve accessibility.\n * Alerting: Support label matcher syntax in alert rule list filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Alerting: Expand the value string in alert annotations and labels.\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication proxy.\n * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n configuration.\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any 'evaluate for' value >=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for 'label_values(log stream selector,\n label)' in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don't mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it's hidden in\n the viz.\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n Monitor Logs.\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n navigation.\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n metrics.\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint & unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n editor.\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity & line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n source.\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n queries.\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n\n- Plugin development fixes & changes:\n * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.\n * Select: Select menus now properly scroll during keyboard navigation.\n * grafana/ui: Enable slider marks display.\n * Plugins: Create a mock icon component to prevent console errors.\n * Grafana UI: Fix TS error property css is missing in type.\n * Toolkit: Fix matchMedia not found error.\n * Toolkit: Improve error messages when tasks fail.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n * QueryField: Remove carriage return character from pasted text.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).\n\n- Other changes:\n\n * Update to Go 1.17.\n * Add build-time dependency on `wire`.\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1419,openSUSE-SLE-15.3-2022-1419,openSUSE-SLE-15.4-2022-1419", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2022_1419-1.json", }, { category: "self", summary: "URL for SUSE-FU-2022:1419-1", url: "https://www.suse.com/support/update/announcement//suse-fu-20221419-1/", }, { category: "self", summary: "E-Mail link for SUSE-FU-2022:1419-1", url: "https://lists.suse.com/pipermail/sle-updates/2022-April/022823.html", }, { category: "self", summary: "SUSE Bug 1194873", url: "https://bugzilla.suse.com/1194873", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE CVE CVE-2021-36222 page", url: "https://www.suse.com/security/cve/CVE-2021-36222/", }, { category: "self", summary: "SUSE CVE CVE-2021-3711 page", url: "https://www.suse.com/security/cve/CVE-2021-3711/", }, { category: "self", summary: "SUSE CVE CVE-2021-39226 page", url: "https://www.suse.com/security/cve/CVE-2021-39226/", }, { category: "self", summary: "SUSE CVE CVE-2021-41174 page", url: "https://www.suse.com/security/cve/CVE-2021-41174/", }, { category: "self", summary: "SUSE CVE CVE-2021-41244 page", url: "https://www.suse.com/security/cve/CVE-2021-41244/", }, { category: "self", summary: "SUSE CVE CVE-2021-43798 page", url: "https://www.suse.com/security/cve/CVE-2021-43798/", }, { category: "self", summary: "SUSE CVE CVE-2021-43813 page", url: "https://www.suse.com/security/cve/CVE-2021-43813/", }, { category: "self", summary: "SUSE CVE CVE-2021-43815 page", url: "https://www.suse.com/security/cve/CVE-2021-43815/", }, { category: "self", summary: "SUSE CVE CVE-2022-21673 page", url: "https://www.suse.com/security/cve/CVE-2022-21673/", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, ], title: "Feature update for grafana", tracking: { current_release_date: "2022-04-27T07:20:15Z", generator: { date: "2022-04-27T07:20:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-FU-2022:1419-1", initial_release_date: "2022-04-27T07:20:15Z", revision_history: [ { date: "2022-04-27T07:20:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.3.5-150200.3.21.1.aarch64", product: { name: "grafana-8.3.5-150200.3.21.1.aarch64", product_id: "grafana-8.3.5-150200.3.21.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150200.3.21.1.i586", product: { name: "grafana-8.3.5-150200.3.21.1.i586", product_id: "grafana-8.3.5-150200.3.21.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150200.3.21.1.ppc64le", product: { name: "grafana-8.3.5-150200.3.21.1.ppc64le", product_id: "grafana-8.3.5-150200.3.21.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150200.3.21.1.s390x", product: { name: "grafana-8.3.5-150200.3.21.1.s390x", product_id: "grafana-8.3.5-150200.3.21.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-150200.3.21.1.x86_64", product: { name: "grafana-8.3.5-150200.3.21.1.x86_64", product_id: "grafana-8.3.5-150200.3.21.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", }, product_reference: "grafana-8.3.5-150200.3.21.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", }, product_reference: "grafana-8.3.5-150200.3.21.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", }, product_reference: "grafana-8.3.5-150200.3.21.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", }, product_reference: "grafana-8.3.5-150200.3.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", }, product_reference: "grafana-8.3.5-150200.3.21.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", }, product_reference: "grafana-8.3.5-150200.3.21.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", }, product_reference: "grafana-8.3.5-150200.3.21.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-150200.3.21.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", }, product_reference: "grafana-8.3.5-150200.3.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-36222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-36222", }, ], notes: [ { category: "general", text: "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-36222", url: "https://www.suse.com/security/cve/CVE-2021-36222", }, { category: "external", summary: "SUSE Bug 1188571 for CVE-2021-36222", url: "https://bugzilla.suse.com/1188571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "important", }, ], title: "CVE-2021-36222", }, { cve: "CVE-2021-3711", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3711", }, ], notes: [ { category: "general", text: "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3711", url: "https://www.suse.com/security/cve/CVE-2021-3711", }, { category: "external", summary: "SUSE Bug 1189520 for CVE-2021-3711", url: "https://bugzilla.suse.com/1189520", }, { category: "external", summary: "SUSE Bug 1190129 for CVE-2021-3711", url: "https://bugzilla.suse.com/1190129", }, { category: "external", summary: "SUSE Bug 1192100 for CVE-2021-3711", url: "https://bugzilla.suse.com/1192100", }, { category: "external", summary: "SUSE Bug 1205663 for CVE-2021-3711", url: "https://bugzilla.suse.com/1205663", }, { category: "external", summary: "SUSE Bug 1225628 for CVE-2021-3711", url: "https://bugzilla.suse.com/1225628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "critical", }, ], title: "CVE-2021-3711", }, { cve: "CVE-2021-39226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39226", }, ], notes: [ { category: "general", text: "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-39226", url: "https://www.suse.com/security/cve/CVE-2021-39226", }, { category: "external", summary: "SUSE Bug 1191454 for CVE-2021-39226", url: "https://bugzilla.suse.com/1191454", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "important", }, ], title: "CVE-2021-39226", }, { cve: "CVE-2021-41174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41174", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41174", url: "https://www.suse.com/security/cve/CVE-2021-41174", }, { category: "external", summary: "SUSE Bug 1192383 for CVE-2021-41174", url: "https://bugzilla.suse.com/1192383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2021-41174", }, { cve: "CVE-2021-41244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41244", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41244", url: "https://www.suse.com/security/cve/CVE-2021-41244", }, { category: "external", summary: "SUSE Bug 1192763 for CVE-2021-41244", url: "https://bugzilla.suse.com/1192763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "critical", }, ], title: "CVE-2021-41244", }, { cve: "CVE-2021-43798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43798", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43798", url: "https://www.suse.com/security/cve/CVE-2021-43798", }, { category: "external", summary: "SUSE Bug 1193492 for CVE-2021-43798", url: "https://bugzilla.suse.com/1193492", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "important", }, ], title: "CVE-2021-43798", }, { cve: "CVE-2021-43813", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43813", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43813", url: "https://www.suse.com/security/cve/CVE-2021-43813", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193686", }, { category: "external", summary: "SUSE Bug 1193688 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2021-43813", }, { cve: "CVE-2021-43815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43815", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43815", url: "https://www.suse.com/security/cve/CVE-2021-43815", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43815", url: "https://bugzilla.suse.com/1193686", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2021-43815", }, { cve: "CVE-2022-21673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21673", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21673", url: "https://www.suse.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "SUSE Bug 1194873 for CVE-2022-21673", url: "https://bugzilla.suse.com/1194873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2022-21673", }, { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.3:grafana-8.3.5-150200.3.21.1.x86_64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.aarch64", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.ppc64le", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.s390x", "openSUSE Leap 15.4:grafana-8.3.5-150200.3.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-27T07:20:15Z", details: "moderate", }, ], title: "CVE-2022-21713", }, ], }
suse-su-2022:2134-1
Vulnerability from csaf_suse
Published
2022-06-20 11:42
Modified
2022-06-20 11:42
Summary
Security update for SUSE Manager Client Tools
Notes
Title of the patch
Security update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update required Go version to 1.16
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
* Update vendor tarball with prometheus/client_golang 1.11.1
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error patch that is already included upstream
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
grafana:
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)
+ Security:
* Fixes XSS vulnerability in handling data sources
(bsc#1195726, CVE-2022-21702)
* Fixes cross-origin request forgery vulnerability
(bsc#1195727, CVE-2022-21703)
* Fixes Insecure Direct Object Reference vulnerability in Teams
API (bsc#1195728, CVE-2022-21713)
- Update to Go 1.17.
- Add build-time dependency on `wire`.
- Update license to GNU Affero General Public License v3.0.
- Update to version 8.3.4
* GetUserInfo: return an error if no user was found
(bsc#1194873, CVE-2022-21673)
+ Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user
cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource
migration.
+ Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics
dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group
bys.
* Configuration: You can now see your expired API keys if you
have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single
field.
* Export: Fix error being thrown when exporting dashboards
using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and
name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of $__rate_interval variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields
when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when
signing a private plugin.
* Variables: Fix so data source variables are added to adhoc
configuration.
+ Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins
to prevent plugins from crashing.
- Update to version 8.3.3:
* BarChart: Use new data error view component to show actions
in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from
8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the
manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in
InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser
and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram
metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix toolitp not showing when for frames with
multiple fields.
* TraceView: Fix virtualized scrolling when trace view is
opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed
variables.
* Variables: Fix so queryparam option works for scoped
- Update to version 8.3.2
+ Security: Fixes CVE-2021-43813 and CVE-2021-43815.
- Update to version 8.3.1
+ Security: Fixes CVE-2021-43798.
- Update to version 8.3.0
* Alerting: Prevent folders from being deleted when they
contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid to escape regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit
panel.
* Visualizations: Limit y label width to 40% of visualization
width.
* Alerting: Clear alerting rule evaluation errors after
intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges
smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only
sets color.
- Update to version 8.3.0-beta2
+ Breaking changes:
* Grafana 8 Alerting enabled by default for installations that
do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when
upgrading to Grafana 8 alerting.
* Alerting: Create DatasourceError alert if evaluation returns
error.
* Alerting: Make Unified Alerting enabled by default for those
who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api
for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data
sources and to the changelog.
* Plugins Catalog: Enable install controls based on the
pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and
JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo
and Zipkin.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader
introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and
other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access
mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring
spanIDs.
* Tracing: Show start time of trace with milliseconds
precision.
* Variables: Make renamed or missing variable section
expandable.
* Select: Select menus now properly scroll during keyboard
navigation.
- Update to version 8.3.0-beta1
* Alerting: Add UI for contact point testing with custom
annotations and labels.
* Alerting: Make alert state indicator in panel header work
with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT
auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with
Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max
concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram
aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in
the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels
between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating
PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in
Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to
Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via
legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time
fields.
* Variables: Only update panels that are impacted by variable
change.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data
source.
* Azure monitor: Make sure alert rule editor is not enabled
when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to
CodeEditor.
* Dashboard: Remove the current panel from the list of options
in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query
endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* grafana/ui: Enable slider marks display.
- Update to version 8.2.7
- Update to version 8.2.6
* Security: Upgrade Docker base image to Alpine 3.14.3.
* Security: Upgrade Go to 1.17.2.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of
unrelated series.
- Update to version 8.2.5
* Fix No Data behaviour in Legacy Alerting.
* Alerting: Fix a bug where the metric in the evaluation string
was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert
rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL
queries.
* Dashboards: 'Copy' is no longer added to new dashboard
titles.
* DataProxy: Fix overriding response body when response is a
WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field
for date_histogram aggregations.
* Explore: Fix running queries without a datasource property
set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
- Update to version 8.2.4
+ Security: Fixes CVE-2021-41244.
- Update to version 8.2.3
+ Security: Fixes CVE-2021-41174.
- Update to version 8.2.2
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource
filter query.
* Packaging: We removed the ProcSubset option in systemd. This
option prevented Grafana from starting in LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them
more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge,
bar gauge, and pie chart visualizations.
* Alerting: Fix panic when Slack's API sends unexpected
response.
* Alerting: The Create Alert button now appears on the
dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel
disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is
parsed to an object.
* Prometheus: We fixed the issue where the system did not reuse
TCP connections when querying from Grafana alerting.
* Prometheus: We fixed the problem that resulted in an error
when a user created a query with a $__interval min step.
* RowsToFields: We fixed the issue where the system was not
properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data
min = data max.
* Table panel: You can now create a filter that includes
special characters.
- Update to version 8.2.1
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not
found.
* Packaging: Remove systemcallfilters sections from systemd
unit files.
* Prometheus: Add Headers to HTTP client options.
- Update to version 8.2.0
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream
Prometheus AM implementation.
* Alerting: Allows more characters in label names so
notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using
/api/v1/rules endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in
Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with
* CodeEditor: Ensure that we trigger the latest onSave callback
provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Plugins: Create a mock icon component to prevent console
errors.
- Update to version 8.2.0-beta2
* AccessControl: Document new permissions restricting data
source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tune rule evaluation using
configuration options.
* Alerting: Cleanups alertmanager namespace from key-value
store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new
settings for enabling Grafana 8 alerts and disabling them for
specific organisations.
* CloudWatch: Introduced new math expression where it is
necessary to specify the period field.
* InfluxDB: Added support for $__interval and $__interval_ms in
Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end
timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact
with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* Alerting: Fixed an issue where the edit page crashes if you
tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8
alert rules.
* Alerting: Fixed the silence file content generated during
* Analytics: Fixed an issue related to interaction event
propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even
though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables
with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip
error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use
resultFormat.
* Loki: Fixed creating context query for logs with parsed
labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after
an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not
showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh
pages when pressing enter in a text box variable input.
* Variables: Panel no longer crash when using the adhoc
variable in data links.
- Update to version 8.2.0-beta1
* AccessControl: Introduce new permissions to restrict access
for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names,
and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and
Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them
easier to locate.
* Alerting: Support org level isolation of notification
* AzureMonitor: Add data links to deep link to Azure Portal
Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor
Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request
fails in ConfigEditor.
* Chore: Update to Golang 1.16.7.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs
in logs.
* CloudWatch Logs: Disable query path using websockets (Live)
feature.
* CloudWatch/Logs: Don't group dataframes for non time series
* Cloudwatch: Migrate queries that use multiple stats to one
query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource
responses.
* Explore: Add filter by trace or span ID to trace to logs
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields
buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in
tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing
library elements.
* LibraryPanels: Remove library panel icon from the panel
header so you can no longer tell that a panel is a library
panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting
in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number
of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to
backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in
XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or
boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Admin: Prevent user from deleting user's current/active
organization.
* LibraryPanels: Fix library panel getting saved in the
dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip
is set to All.
* Grafana UI: Fix TS error property css is missing in type.
- Update to version 8.1.8
- Update to version 8.1.7
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
- Update to version 8.1.6
+ Security: Fixes CVE-2021-39226.
- Update to version 8.1.5
* BarChart: Fixes panel error that happens on second refresh.
- Update to version 8.1.4
+ Features and enhancements
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
- Update to version 8.1.3
+ Bug fixes
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Docker: Force use of libcrypto1.1 and libssl1.1 versions to
fix CVE-2021-3711.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric
values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being
created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed
correctly.
* Prometheus: Fix validate selector in metrics browser.
* Security: Fix stylesheet injection vulnerability.
* Security: Fix short URL vulnerability.
- Update to version 8.1.2
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible
Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* Toolkit: Fix matchMedia not found error.
- Update to version 8.1.1
* CloudWatch Logs: Fix crash when no region is selected.
- Update to version 8.1.0
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in
everywhere.
* TimeRangePicker: Improve accessibility.
* Annotations: Correct annotations that are displayed upon page
refresh.
* Annotations: Fix Enabled button that disappeared from Grafana
v8.0.6.
* Annotations: Fix data source template variable that was not
available for annotations.
* AzureMonitor: Fix annotations query editor that does not
load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list
* Loki: Update labels in log browser when time range changes in
dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting ->
Normal.
* PasswordField: Prevent a password from being displayed when
you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Security: Update dependencies to fix CVE-2021-36222.
- Update to version 8.1.0-beta3
* Alerting: Support label matcher syntax in alert rule list
filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Docker: Fix builds by delaying go mod verify until all
required files are copied over.
* Exemplars: Fix disable exemplars only on the query that
failed.
* SQL: Fix SQL dataframe resampling (fill mode + time
intervals).
- Update to version 8.1.0-beta2
* Alerting: Expand the value string in alert annotations and
* Auth: Add Azure HTTP authentication middleware.
* Auth: Auth: Pass user role when using the authentication
proxy.
* Gazetteer: Update countries.json file to allow for linking to
3-letter country codes.
* Config: Fix Docker builds by correcting formatting in
sample.ini.
* Explore: Fix encoding of internal URLs.
- Update to version 8.1.0-beta1
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Toolkit: Improve error messages when tasks fail.
- Update to version 8.0.7
- Update to version 8.0.6
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
- Update to version 8.0.5
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
- Update to version 8.0.4
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
- Update to version 8.0.3
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
- Update to version 8.0.2
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* Configuration: Fix changing org preferences in FireFox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
- Update to version 8.0.1
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
- Update to version 8.0.0
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
GET /dashboards/db/:slug
GET /dashboard-solo/db/:slug
GET /api/dashboard/db/:slug
DELETE /api/dashboards/db/:slug
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
- Update to version 8.0.0-beta3
* The default HTTP method for Prometheus data source is now
POST.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue __series.name is not working in data
link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
- Update to version 8.0.0-beta2
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
* Variables: Refreshes all panels even if panel is full screen.
* QueryField: Remove carriage return character from pasted text.
- Update to version 8.0.0-beta1
+ License update:
* AGPL License: Update license from Apache 2.0 to the GNU
Affero General Public License (AGPL).
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
+ Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated please use
the Alert component instead with severity info.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined in
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and
showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get
the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext
(breaking change).
- Update to version 7.5.13
* Alerting: Fix NoDataFound for alert rules using AND operator.
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean paramaters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
Patchnames
HPE-Helion-OpenStack-8-2022-2134,SUSE-2022-2134,SUSE-OpenStack-Cloud-8-2022-2134,SUSE-OpenStack-Cloud-9-2022-2134,SUSE-OpenStack-Cloud-Crowbar-8-2022-2134,SUSE-OpenStack-Cloud-Crowbar-9-2022-2134,SUSE-SLE-Manager-Tools-12-2022-2134,SUSE-SLE-SAP-12-SP3-2022-2134,SUSE-SLE-SAP-12-SP4-2022-2134,SUSE-SLE-SERVER-12-SP3-2022-2134,SUSE-SLE-SERVER-12-SP3-BCL-2022-2134,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2134,SUSE-SLE-SERVER-12-SP5-2022-2134
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Adapted to build on Enterprise Linux.\n- Fix build for RedHat 7\n- Require Go >= 1.14 also for CentOS\n- Add support for CentOS\n- Replace %{?systemd_requires} with %{?systemd_ordering}\n\ngolang-github-prometheus-alertmanager:\n\n- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.\n * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)\n- Update required Go version to 1.16\n- Update to version 0.23.0:\n * amtool: Detect version drift and warn users (#2672)\n * Add ability to skip TLS verification for amtool (#2663)\n * Fix empty isEqual in amtool. (#2668)\n * Fix main tests (#2670)\n * cli: add new template render command (#2538)\n * OpsGenie: refer to alert instead of incident (#2609)\n * Docs: target_match and source_match are DEPRECATED (#2665)\n * Fix test not waiting for cluster member to be ready\n- Added hardening to systemd service(s) (bsc#1181400)\n\ngolang-github-prometheus-node_exporter:\n\n- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.\n * Update vendor tarball with prometheus/client_golang 1.11.1\n (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)\n- Update to 1.3.0\n * [CHANGE] Add path label to rapl collector #2146\n * [CHANGE] Exclude filesystems under /run/credentials #2157\n * [CHANGE] Add TCPTimeouts to netstat default filter #2189\n * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771\n * [FEATURE] Add darwin powersupply collector #1777\n * [FEATURE] Add support for monitoring GPUs on Linux #1998\n * [FEATURE] Add Darwin thermal collector #2032\n * [FEATURE] Add os release collector #2094\n * [FEATURE] Add netdev.address-info collector #2105\n * [FEATURE] Add clocksource metrics to time collector #2197\n * [ENHANCEMENT] Support glob textfile collector directories #1985\n * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080\n * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165\n * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123\n * [ENHANCEMENT] Add DMI collector #2131\n * [ENHANCEMENT] Add threads metrics to processes collector #2164\n * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169\n * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189\n * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208\n * [BUGFIX] ethtool: Sanitize metric names #2093\n * [BUGFIX] Fix ethtool collector for multiple interfaces #2126\n * [BUGFIX] Fix possible panic on macOS #2133\n * [BUGFIX] Collect flag_info and bug_info only for one core #2156\n * [BUGFIX] Prevent duplicate ethtool metric names #2187\n- Update to 1.2.2\n * Bug fixes\n Fix processes collector long int parsing #2112\n- Update to 1.2.1\n * Removed\n Remove obsolete capture permission denied error patch that is already included upstream\n Fix zoneinfo parsing prometheus/procfs#386\n Fix nvme collector log noise #2091\n Fix rapl collector log noise #2092\n- Update to 1.2.0\n * Changes\n Rename filesystem collector flags to match other collectors #2012\n Make node_exporter print usage to STDOUT #203\n * Features\n Add conntrack statistics metrics #1155\n Add ethtool stats collector #1832\n Add flag to ignore network speed if it is unknown #1989\n Add tapestats collector for Linux #2044\n Add nvme collector #2062\n * Enhancements\n Add ErrorLog plumbing to promhttp #1887\n Add more Infiniband counters #2019\n netclass: retrieve interface names and filter before parsing #2033\n Add time zone offset metric #2060\n Handle errors from disabled PSI subsystem #1983\n Fix panic when using backwards compatible flags #2000\n Fix wrong value for OpenBSD memory buffer cache #2015\n Only initiate collectors once #2048\n Handle small backwards jumps in CPU idle #2067\n- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)\n\ngrafana:\n\n- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources\n (bsc#1195726, CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability\n (bsc#1195727, CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams\n API (bsc#1195728, CVE-2022-21713)\n- Update to Go 1.17.\n- Add build-time dependency on `wire`.\n- Update license to GNU Affero General Public License v3.0.\n- Update to version 8.3.4\n * GetUserInfo: return an error if no user was found\n (bsc#1194873, CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user\n cancels query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group\n bys.\n * Configuration: You can now see your expired API keys if you\n have no active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single\n field.\n * Export: Fix error being thrown when exporting dashboards\n using query variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and\n name ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields\n when hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes & changes:\n * Toolkit: Revert build config so tslib is bundled with plugins\n to prevent plugins from crashing.\n- Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions\n in panel edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from\n 8.2.4/8.2.5 to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the\n manage dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in\n InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser\n and line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with\n multiple fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed\n variables.\n * Variables: Fix so queryparam option works for scoped\n- Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n- Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n- Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they\n contain alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels' shared tooltip in edit\n panel.\n * Visualizations: Limit y label width to 40% of visualization\n width.\n * Alerting: Clear alerting rule evaluation errors after\n intermittent failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only\n sets color.\n- Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that\n do not use legacy alerting.\n * Keep Last State for 'If execution error or timeout' when\n upgrading to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns\n error.\n * Alerting: Make Unified Alerting enabled by default for those\n who do not use legacy alerting.\n * Alerting: Support mute timings configuration through the api\n for the embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data\n sources and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and\n JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo\n and Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access\n mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring\n spanIDs.\n * Tracing: Show start time of trace with milliseconds\n precision.\n * Variables: Make renamed or missing variable section\n expandable.\n * Select: Select menus now properly scroll during keyboard\n navigation.\n- Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom\n annotations and labels.\n * Alerting: Make alert state indicator in panel header work\n with Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT\n auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max\n concurrent queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram\n aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in\n the logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels\n between orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating\n PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in\n Metrics Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to\n Prometheus metrics.\n * Time series/Bar chart panel: Add ability to sort series via\n legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don't apply field config defaults to time\n fields.\n * Variables: Only update panels that are impacted by variable\n change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data\n source.\n * Azure monitor: Make sure alert rule editor is not enabled\n when template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to\n CodeEditor.\n * Dashboard: Remove the current panel from the list of options\n in the Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query\n endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n- Update to version 8.2.7\n- Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of\n unrelated series.\n- Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string\n was not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert\n rules using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL\n queries.\n * Dashboards: 'Copy' is no longer added to new dashboard\n titles.\n * DataProxy: Fix overriding response body when response is a\n WebSocket upgrade.\n * Elasticsearch: Use field configured in query editor as field\n for date_histogram aggregations.\n * Explore: Fix running queries without a datasource property\n set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n- Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n- Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n- Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource\n filter query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them\n more distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge,\n bar gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack's API sends unexpected\n response.\n * Alerting: The Create Alert button now appears on the\n dashboard panel when you are working with a default\n datasource.\n * Explore: We fixed the problem where the Explore log panel\n disappears when an Elasticsearch logs query returns no\n results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is\n parsed to an object.\n * Prometheus: We fixed the issue where the system did not reuse\n TCP connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error\n when a user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not\n properly interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data\n min = data max.\n * Table panel: You can now create a filter that includes\n special characters.\n- Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not\n found.\n * Packaging: Remove systemcallfilters sections from systemd\n unit files.\n * Prometheus: Add Headers to HTTP client options.\n- Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so\n notifications are sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in\n Jaeger, Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console\n errors.\n- Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data\n source access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using\n configuration options.\n * Alerting: Cleanups alertmanager namespace from key-value\n store when disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is\n necessary to specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in\n Flux queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end\n timestamps with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact\n with plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you\n tried to preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8\n alert rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event\n propagation in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even\n though there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables\n with values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip\n error when data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use\n resultFormat.\n * Loki: Fixed creating context query for logs with parsed\n labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after\n an install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not\n showing when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh\n pages when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc\n variable in data links.\n- Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access\n for reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names,\n and group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and\n Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them\n easier to locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal\n Azure Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor\n Metrics and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request\n fails in ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs\n in logs.\n * CloudWatch Logs: Disable query path using websockets (Live)\n feature.\n * CloudWatch/Logs: Don't group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one\n query per stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource\n responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard's QueryRows component.\n * Explore: Support custom display label for derived fields\n buttons for Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in\n tag values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing\n library elements.\n * LibraryPanels: Remove library panel icon from the panel\n header so you can no longer tell that a panel is a library\n panel from the dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting\n in ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to\n backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in\n XYChart and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user's current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the\n dashboard's folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in 'Add threshold'.\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip\n is set to All.\n * Grafana UI: Fix TS error property css is missing in type.\n- Update to version 8.1.8\n- Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30\n seconds resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n- Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n- Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n- Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data\n sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert\n is enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in\n rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses 'Repeat For'.\n- Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe\n 'results' to plugins.DataTimeSeriesSlice: input frame is not\n recognized as a time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to\n general settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to\n fix CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric\n values.\n * Elasticsearch: Prevent pipeline aggregations to show up in\n terms order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being\n created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets\n which are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed\n correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n- Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible\n Servers.\n * Datasource: Change HTTP status code for failed datasource\n health check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin\n assets instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom\n network interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct\n Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its\n config flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window\n width against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix 'Actual' size by passing the correct panel\n size to Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n- Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n- Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in\n everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana\n v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not\n load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting ->\n Normal.\n * PasswordField: Prevent a password from being displayed when\n you click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n- Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list\n filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all\n required files are copied over.\n * Exemplars: Fix disable exemplars only on the query that\n failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time\n intervals).\n- Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication\n proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in\n sample.ini.\n * Explore: Fix encoding of internal URLs.\n- Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source\n configuration to opt out of alerting UI.\n * Alerting: Allow any 'evaluate for' value >=0 in the alert\n rule form.\n * Alerting: Load default configuration from status endpoint, if\n Cortex Alertmanager returns empty user configuration. \n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in\n annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure\n portal for Metrics.\n * AzureMonitor: Remove support for different credentials for\n Azure Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values\n instead of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email\n notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive.\n Legacy Alerting: Replace simplejson with a struct in webhook\n notification channel.\n * Legend: Updates display name for Last (not null) to just\n Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for 'label_values(log stream selector,\n label)' in templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don't mutate panel options/field config object\n when updating.\n * PieChart: Make pie gradient more subtle to match other\n charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all\n dashboard providers.\n * SQL Datasources: Allow multiple string/labels columns with\n time series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the\n Generic OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end\n time.\n * Transformations: Skip merge when there is only a single data\n frame.\n * ValueMapping: Added support for mapping text to color,\n boolean values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit,\n color, thresholds) from query results.\n * live: Add support to handle origin without a value for the\n port when matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut\n across all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode 'All' for XYChart.\n * Loki: Fix highlight of logs when using filter expressions\n with backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin\n signature.\n * Toolkit: Improve error messages when tasks fail.\n- Update to version 8.0.7\n- Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of\n empty labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without\n defaults field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level\n configuration parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to 'Time' for time\n series queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add 'prepare time series' transformer.\n- Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already\n exists.\n * TimeSeries: Do not show series in tooltip if it's hidden in\n the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for\n use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub\n path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is\n larger than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n- Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds\n mode change.\n * Elasticsearch: Allow case sensitive custom options in\n date_histogram interval.\n * Elasticsearch: Restore previous field naming strategy when\n using variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy\n handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating\n from old graph panel.\n- Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls\n when converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are\n migrated, and migrate the previous fieldConfig when changing\n the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without\n default workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel\n plugin is not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not\n displayed if a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with\n name Value in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n- Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy\n settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n- Update to version 8.0.1\n * Alerting/SSE: Fix 'count_non_null' reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now\n returned from query variables.\n * Postgres: Fix an error that was thrown when the annotation\n query did not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the\n Stat/BarGauge/Gauge/PieChart panels where all values mode\n were showing the same name if they had the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a\n sub path.\n- Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and\n support for them has now been removed:\n GET /dashboards/db/:slug\n GET /dashboard-solo/db/:slug\n GET /api/dashboard/db/:slug\n DELETE /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces()\n template variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard\n by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure\n China.\n * Checkbox: Fix vertical layout issue with checkboxes due to\n fixed height.\n * Dashboard: Fix Table view when editing causes the panel data\n to not update.\n * Dashboard: Fix issues where unsaved-changes warning is not\n displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n- Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now\n POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the\n Discord notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only\n Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure\n Monitor Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not\n using it.\n * AzureMonitor: Support querying subscriptions and resource\n groups in Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace\n view.\n * Overrides: Include a manual override option to hide something\n from visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing\n data sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no\n effect after exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data\n link.\n * Datasource: Fix dataproxy timeout should always be applied\n for outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider\n to client impl.\n * Explore: Fix Browser title not updated on Navigation to\n Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure\n AD OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non\n data panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single\n value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for\n image datalink.\n * Transformations: Prevent FilterByValue transform from\n crashing panel edit.\n- Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed\n Identities.\n * AzureMonitor: Update Logs workspace() template variable query\n to return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query\n editor.\n * Instrumentation: Instrument incoming HTTP request with\n histograms by default.\n * Library Panels: Add name endpoint & unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin\n protocol version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity & line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on\n backdrop click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes 'error while loading library panels'.\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in\n and out of view.\n * Plugins: Fix Azure token provider cache panic and auth param\n nil value.\n * Snapshots: Fix key and deleteKey being ignored when creating\n an external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle\n during panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n- Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU\n Affero General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox & FeatureInfoBox are now deprecated please use\n the Alert component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded\n Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as\n extra properties.\n * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with\n Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for\n Microsoft.SignalRService/SignalR metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http\n header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports\n inline script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for\n multisearch requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising\n row values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking\n the visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex\n response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in\n table form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used\n from plugins.\n * Plugins: AuthType in route configuration and params\n interpolation.\n * Plugins: Enable plugin runtime install/uninstall\n capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it\n can be reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric\n names and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from\n Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time\n series data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between\n new visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable\n defaulting to seconds.\n * Alerting: Fix issue where Slack notifications won't link to\n user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable\n format option.\n * DataLinks: Includes harmless extended characters like\n Cyrillic characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property 'length' of undefined in\n when parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being\n rendered on newlines and full width.\n * PanelChrome: Ignore data updates & errors for non data\n panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing\n with grafana-cli.\n * Plugins: Support installing to folders with whitespace and\n fix pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don't return connection failure details\n to the client.\n * Postgres: Fix ms precision of interval in time group macro\n when TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change\n indicator.\n * SQL: Fix so that all captured errors are returned from sql\n engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get\n the current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext\n (breaking change).\n- Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\nmgr-cfg:\n\n- Version 4.3.6-1\n * Corrected source URL in spec file\n * Fix installation problem for SLE15SP4 due missing python-selinux\n * Fix python selinux package name depending on build target (bsc#1193600)\n * Do not build python 2 package for SLE15SP4 and higher\n * Remove unused legacy code\n\nmgr-custom-info:\n\n- Version 4.3.3-1\n * Remove unused legacy code\n\nmgr-daemon:\n\n- Version 4.3.4-1\n * Corrected source URLs in spec file\n * Update translation strings\n\nmgr-osad:\n\n- Version 4.3.6-1\n * Corrected source URL in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n * Removed spacewalk-selinux dependencies.\n * Updated source url.\n\nmgr-push:\n\n- Version 4.3.4-1\n * Corrected source URLs in spec file\n\nmgr-virtualization:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n\nprometheus-blackbox_exporter:\n\n- Enhanced to build on Enterprise Linux 8\n\nprometheus-postgres_exporter:\n\n- Updated for RHEL8.\n\npython-hwdata:\n\n- Require python macros for building\n\nrhnlib:\n\n- Version 4.3.4-1\n * Reorganize python files\n\nspacecmd:\n\n- Version 4.3.11-1\n * on full system update call schedulePackageUpdate API (bsc#1197507)\n * parse boolean paramaters correctly (bsc#1197689)\n * Add parameter to set containerized proxy SSH port\n * Add proxy config generation subcommand\n * Option 'org_createfirst' added to perform initial organization and user creation\n * Added gettext build requirement for RHEL.\n * Removed RHEL 5 references.\n * Include group formulas configuration in spacecmd group_backup and\n spacecmd group_restore. This changes backup format to json,\n previously used plain text is still supported for reading (bsc#1190462)\n * Update translation strings\n * Improved event history listing and added new system_eventdetails \n command to retrieve the details of an event\n * Make schedule_deletearchived to get all actions without display limit\n * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)\n\nspacewalk-client-tools:\n\n- Version 4.3.9-1\n * Corrected source URLs in spec file.\n * do not build python 2 package for SLE15\n * Remove unused legacy code\n * Update translation strings\n\nspacewalk-koan:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n\nspacewalk-oscap:\n\n- Version 4.3.5-1\n * Corrected source URLs in spec file.\n * Do not build python 2 package for SLE15SP4 and higher\n\nspacewalk-remote-utils:\n\n- Version 4.3.3-1\n * Adapt the package for changes in rhnlib\n\nsupportutils-plugin-susemanager-client:\n\n- Version 4.3.2-1\n * Add proxy containers config and logs\n\nsuseRegisterInfo:\n\n- Version 4.3.3-1\n * Bump version to 4.3.0\n\nsupportutils-plugin-salt:\n\n- Add support for Salt Bundle\n\nuyuni-common-libs:\n\n- Version 4.3.4-1\n * implement more decompression algorithms for reposync (bsc#1196704)\n * Reorganize python files\n * Add decompression of zck files to fileutils\n\n", title: "Description of the patch", }, { category: "details", text: "HPE-Helion-OpenStack-8-2022-2134,SUSE-2022-2134,SUSE-OpenStack-Cloud-8-2022-2134,SUSE-OpenStack-Cloud-9-2022-2134,SUSE-OpenStack-Cloud-Crowbar-8-2022-2134,SUSE-OpenStack-Cloud-Crowbar-9-2022-2134,SUSE-SLE-Manager-Tools-12-2022-2134,SUSE-SLE-SAP-12-SP3-2022-2134,SUSE-SLE-SAP-12-SP4-2022-2134,SUSE-SLE-SERVER-12-SP3-2022-2134,SUSE-SLE-SERVER-12-SP3-BCL-2022-2134,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2134,SUSE-SLE-SERVER-12-SP5-2022-2134", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2134-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:2134-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20222134-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:2134-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html", }, { category: "self", summary: "SUSE Bug 1181223", url: "https://bugzilla.suse.com/1181223", }, { category: "self", summary: "SUSE Bug 1181400", url: "https://bugzilla.suse.com/1181400", }, { category: "self", summary: "SUSE Bug 1190462", url: "https://bugzilla.suse.com/1190462", }, { category: "self", summary: "SUSE Bug 1190535", url: "https://bugzilla.suse.com/1190535", }, { category: "self", summary: "SUSE Bug 1193600", url: "https://bugzilla.suse.com/1193600", }, { category: "self", summary: "SUSE Bug 1194873", url: "https://bugzilla.suse.com/1194873", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE Bug 1196338", url: "https://bugzilla.suse.com/1196338", }, { category: "self", summary: "SUSE Bug 1196704", url: "https://bugzilla.suse.com/1196704", }, { category: "self", summary: "SUSE Bug 1197507", url: "https://bugzilla.suse.com/1197507", }, { category: "self", summary: "SUSE Bug 1197689", url: "https://bugzilla.suse.com/1197689", }, { category: "self", summary: "SUSE CVE CVE-2021-36222 page", url: "https://www.suse.com/security/cve/CVE-2021-36222/", }, { category: "self", summary: "SUSE CVE CVE-2021-3711 page", url: "https://www.suse.com/security/cve/CVE-2021-3711/", }, { category: "self", summary: "SUSE CVE CVE-2021-39226 page", url: "https://www.suse.com/security/cve/CVE-2021-39226/", }, { category: "self", summary: "SUSE CVE CVE-2021-41174 page", url: "https://www.suse.com/security/cve/CVE-2021-41174/", }, { category: "self", summary: "SUSE CVE CVE-2021-41244 page", url: "https://www.suse.com/security/cve/CVE-2021-41244/", }, { category: "self", summary: "SUSE CVE CVE-2021-43798 page", url: "https://www.suse.com/security/cve/CVE-2021-43798/", }, { category: "self", summary: "SUSE CVE CVE-2021-43813 page", url: "https://www.suse.com/security/cve/CVE-2021-43813/", }, { category: "self", summary: "SUSE CVE CVE-2021-43815 page", url: "https://www.suse.com/security/cve/CVE-2021-43815/", }, { category: "self", summary: "SUSE CVE CVE-2022-21673 page", url: "https://www.suse.com/security/cve/CVE-2022-21673/", }, { category: "self", summary: "SUSE CVE CVE-2022-21698 page", url: "https://www.suse.com/security/cve/CVE-2022-21698/", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2022-06-20T11:42:14Z", generator: { date: "2022-06-20T11:42:14Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:2134-1", initial_release_date: "2022-06-20T11:42:14Z", revision_history: [ { date: "2022-06-20T11:42:14Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", product: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", product_id: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", product: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", product_id: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, }, { category: "product_version", name: "grafana-8.3.5-1.30.3.aarch64", product: { name: "grafana-8.3.5-1.30.3.aarch64", product_id: "grafana-8.3.5-1.30.3.aarch64", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", product: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", product_id: "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", product: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", product_id: "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.aarch64", product: { name: "uyuni-base-common-4.3.2-1.6.1.aarch64", product_id: "uyuni-base-common-4.3.2-1.6.1.aarch64", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.aarch64", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.aarch64", product_id: "uyuni-base-proxy-4.3.2-1.6.1.aarch64", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.aarch64", product: { name: "uyuni-base-server-4.3.2-1.6.1.aarch64", product_id: "uyuni-base-server-4.3.2-1.6.1.aarch64", }, }, { category: "product_version", name: "wire-0.5.0-1.3.3.aarch64", product: { name: "wire-0.5.0-1.3.3.aarch64", product_id: "wire-0.5.0-1.3.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.i586", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586", product: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586", product_id: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.i586", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586", product: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586", product_id: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.i586", }, }, { category: "product_version", name: "grafana-8.3.5-1.30.3.i586", product: { name: "grafana-8.3.5-1.30.3.i586", product_id: "grafana-8.3.5-1.30.3.i586", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.19.0-1.8.2.i586", product: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.i586", product_id: "prometheus-blackbox_exporter-0.19.0-1.8.2.i586", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-1.8.2.i586", product: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.i586", product_id: "prometheus-postgres_exporter-0.10.0-1.8.2.i586", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.i586", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.i586", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.i586", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.i586", product: { name: "uyuni-base-common-4.3.2-1.6.1.i586", product_id: "uyuni-base-common-4.3.2-1.6.1.i586", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.i586", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.i586", product_id: "uyuni-base-proxy-4.3.2-1.6.1.i586", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.i586", product: { name: "uyuni-base-server-4.3.2-1.6.1.i586", product_id: "uyuni-base-server-4.3.2-1.6.1.i586", }, }, { category: "product_version", name: "wire-0.5.0-1.3.3.i586", product: { name: "wire-0.5.0-1.3.3.i586", product_id: "wire-0.5.0-1.3.3.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "mgr-cfg-4.3.6-1.27.4.noarch", product: { name: "mgr-cfg-4.3.6-1.27.4.noarch", product_id: "mgr-cfg-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "mgr-cfg-actions-4.3.6-1.27.4.noarch", product: { name: "mgr-cfg-actions-4.3.6-1.27.4.noarch", product_id: "mgr-cfg-actions-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "mgr-cfg-client-4.3.6-1.27.4.noarch", product: { name: "mgr-cfg-client-4.3.6-1.27.4.noarch", product_id: "mgr-cfg-client-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "mgr-cfg-management-4.3.6-1.27.4.noarch", product: { name: "mgr-cfg-management-4.3.6-1.27.4.noarch", product_id: "mgr-cfg-management-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "mgr-custom-info-4.3.3-1.18.1.noarch", product: { name: "mgr-custom-info-4.3.3-1.18.1.noarch", product_id: "mgr-custom-info-4.3.3-1.18.1.noarch", }, }, { category: "product_version", name: "mgr-daemon-4.3.4-1.32.3.noarch", product: { name: "mgr-daemon-4.3.4-1.32.3.noarch", product_id: "mgr-daemon-4.3.4-1.32.3.noarch", }, }, { category: "product_version", name: "mgr-osa-dispatcher-4.3.6-1.39.4.noarch", product: { name: "mgr-osa-dispatcher-4.3.6-1.39.4.noarch", product_id: "mgr-osa-dispatcher-4.3.6-1.39.4.noarch", }, }, { category: "product_version", name: "mgr-osad-4.3.6-1.39.4.noarch", product: { name: "mgr-osad-4.3.6-1.39.4.noarch", product_id: "mgr-osad-4.3.6-1.39.4.noarch", }, }, { category: "product_version", name: "mgr-push-4.3.4-1.21.4.noarch", product: { name: "mgr-push-4.3.4-1.21.4.noarch", product_id: "mgr-push-4.3.4-1.21.4.noarch", }, }, { category: "product_version", name: "mgr-virtualization-host-4.3.5-1.29.3.noarch", product: { name: "mgr-virtualization-host-4.3.5-1.29.3.noarch", product_id: "mgr-virtualization-host-4.3.5-1.29.3.noarch", }, }, { category: "product_version", name: "python2-hwdata-2.3.5-12.9.1.noarch", product: { name: "python2-hwdata-2.3.5-12.9.1.noarch", product_id: "python2-hwdata-2.3.5-12.9.1.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-4.3.6-1.27.4.noarch", product: { name: "python2-mgr-cfg-4.3.6-1.27.4.noarch", product_id: "python2-mgr-cfg-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", product: { name: "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", product_id: "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-client-4.3.6-1.27.4.noarch", product: { name: "python2-mgr-cfg-client-4.3.6-1.27.4.noarch", product_id: "python2-mgr-cfg-client-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "python2-mgr-cfg-management-4.3.6-1.27.4.noarch", product: { name: "python2-mgr-cfg-management-4.3.6-1.27.4.noarch", product_id: "python2-mgr-cfg-management-4.3.6-1.27.4.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-common-4.3.6-1.39.4.noarch", product: { name: "python2-mgr-osa-common-4.3.6-1.39.4.noarch", product_id: "python2-mgr-osa-common-4.3.6-1.39.4.noarch", }, }, { category: "product_version", name: "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch", product: { name: "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch", product_id: "python2-mgr-osa-dispatcher-4.3.6-1.39.4.noarch", }, }, { category: "product_version", name: "python2-mgr-osad-4.3.6-1.39.4.noarch", product: { name: "python2-mgr-osad-4.3.6-1.39.4.noarch", product_id: "python2-mgr-osad-4.3.6-1.39.4.noarch", }, }, { category: "product_version", name: "python2-mgr-push-4.3.4-1.21.4.noarch", product: { name: "python2-mgr-push-4.3.4-1.21.4.noarch", product_id: "python2-mgr-push-4.3.4-1.21.4.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", product: { name: "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", product_id: "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", }, }, { category: "product_version", name: "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", product: { name: "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", product_id: "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", }, }, { category: "product_version", name: "python2-rhnlib-4.3.4-21.43.3.noarch", product: { name: "python2-rhnlib-4.3.4-21.43.3.noarch", product_id: "python2-rhnlib-4.3.4-21.43.3.noarch", }, }, { category: "product_version", name: "python2-spacewalk-check-4.3.9-52.71.3.noarch", product: { name: "python2-spacewalk-check-4.3.9-52.71.3.noarch", product_id: "python2-spacewalk-check-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", product: { name: "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", product_id: "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", product: { name: "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", product_id: "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "python2-spacewalk-koan-4.3.5-24.33.3.noarch", product: { name: "python2-spacewalk-koan-4.3.5-24.33.3.noarch", product_id: "python2-spacewalk-koan-4.3.5-24.33.3.noarch", }, }, { category: "product_version", name: "python2-spacewalk-oscap-4.3.5-19.27.1.noarch", product: { name: "python2-spacewalk-oscap-4.3.5-19.27.1.noarch", product_id: "python2-spacewalk-oscap-4.3.5-19.27.1.noarch", }, }, { category: "product_version", name: "python2-suseRegisterInfo-4.3.3-25.27.3.noarch", product: { name: "python2-suseRegisterInfo-4.3.3-25.27.3.noarch", product_id: "python2-suseRegisterInfo-4.3.3-25.27.3.noarch", }, }, { category: "product_version", name: "spacecmd-4.3.11-38.103.3.noarch", product: { name: "spacecmd-4.3.11-38.103.3.noarch", product_id: "spacecmd-4.3.11-38.103.3.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.3.9-52.71.3.noarch", product: { name: "spacewalk-check-4.3.9-52.71.3.noarch", product_id: "spacewalk-check-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.3.9-52.71.3.noarch", product: { name: "spacewalk-client-setup-4.3.9-52.71.3.noarch", product_id: "spacewalk-client-setup-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.3.9-52.71.3.noarch", product: { name: "spacewalk-client-tools-4.3.9-52.71.3.noarch", product_id: "spacewalk-client-tools-4.3.9-52.71.3.noarch", }, }, { category: "product_version", name: "spacewalk-koan-4.3.5-24.33.3.noarch", product: { name: "spacewalk-koan-4.3.5-24.33.3.noarch", product_id: "spacewalk-koan-4.3.5-24.33.3.noarch", }, }, { category: "product_version", name: "spacewalk-oscap-4.3.5-19.27.1.noarch", product: { name: "spacewalk-oscap-4.3.5-19.27.1.noarch", product_id: "spacewalk-oscap-4.3.5-19.27.1.noarch", }, }, { category: "product_version", name: "spacewalk-remote-utils-4.3.3-24.24.3.noarch", product: { name: "spacewalk-remote-utils-4.3.3-24.24.3.noarch", product_id: "spacewalk-remote-utils-4.3.3-24.24.3.noarch", }, }, { category: "product_version", name: "supportutils-plugin-salt-1.2.0-6.16.1.noarch", product: { name: "supportutils-plugin-salt-1.2.0-6.16.1.noarch", product_id: "supportutils-plugin-salt-1.2.0-6.16.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", product: { name: "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", product_id: "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", }, }, { category: "product_version", name: "suseRegisterInfo-4.3.3-25.27.3.noarch", product: { name: "suseRegisterInfo-4.3.3-25.27.3.noarch", product_id: "suseRegisterInfo-4.3.3-25.27.3.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", product: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", product_id: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", product: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", product_id: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, }, { category: "product_version", name: "grafana-8.3.5-1.30.3.ppc64le", product: { name: "grafana-8.3.5-1.30.3.ppc64le", product_id: "grafana-8.3.5-1.30.3.ppc64le", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", product: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", product_id: "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", product: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", product_id: "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.ppc64le", product: { name: "uyuni-base-common-4.3.2-1.6.1.ppc64le", product_id: "uyuni-base-common-4.3.2-1.6.1.ppc64le", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.ppc64le", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.ppc64le", product_id: "uyuni-base-proxy-4.3.2-1.6.1.ppc64le", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.ppc64le", product: { name: "uyuni-base-server-4.3.2-1.6.1.ppc64le", product_id: "uyuni-base-server-4.3.2-1.6.1.ppc64le", }, }, { category: "product_version", name: "wire-0.5.0-1.3.3.ppc64le", product: { name: "wire-0.5.0-1.3.3.ppc64le", product_id: "wire-0.5.0-1.3.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.s390", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.s390", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.s390", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.s390", product: { name: "uyuni-base-common-4.3.2-1.6.1.s390", product_id: "uyuni-base-common-4.3.2-1.6.1.s390", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.s390", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.s390", product_id: "uyuni-base-proxy-4.3.2-1.6.1.s390", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.s390", product: { name: "uyuni-base-server-4.3.2-1.6.1.s390", product_id: "uyuni-base-server-4.3.2-1.6.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", product: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", product_id: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", product: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", product_id: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, }, { category: "product_version", name: "grafana-8.3.5-1.30.3.s390x", product: { name: "grafana-8.3.5-1.30.3.s390x", product_id: "grafana-8.3.5-1.30.3.s390x", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", product: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", product_id: "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-1.8.2.s390x", product: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.s390x", product_id: "prometheus-postgres_exporter-0.10.0-1.8.2.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.s390x", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.s390x", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.s390x", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.s390x", product: { name: "uyuni-base-common-4.3.2-1.6.1.s390x", product_id: "uyuni-base-common-4.3.2-1.6.1.s390x", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.s390x", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.s390x", product_id: "uyuni-base-proxy-4.3.2-1.6.1.s390x", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.s390x", product: { name: "uyuni-base-server-4.3.2-1.6.1.s390x", product_id: "uyuni-base-server-4.3.2-1.6.1.s390x", }, }, { category: "product_version", name: "wire-0.5.0-1.3.3.s390x", product: { name: "wire-0.5.0-1.3.3.s390x", product_id: "wire-0.5.0-1.3.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", product: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", product_id: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, }, { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", product: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", product_id: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", }, }, { category: "product_version", name: "grafana-8.3.5-1.30.3.x86_64", product: { name: "grafana-8.3.5-1.30.3.x86_64", product_id: "grafana-8.3.5-1.30.3.x86_64", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", product: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", product_id: "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", product: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", product_id: "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", product: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", product_id: "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", }, }, { category: "product_version", name: "uyuni-base-common-4.3.2-1.6.1.x86_64", product: { name: "uyuni-base-common-4.3.2-1.6.1.x86_64", product_id: "uyuni-base-common-4.3.2-1.6.1.x86_64", }, }, { category: "product_version", name: "uyuni-base-proxy-4.3.2-1.6.1.x86_64", product: { name: "uyuni-base-proxy-4.3.2-1.6.1.x86_64", product_id: "uyuni-base-proxy-4.3.2-1.6.1.x86_64", }, }, { category: "product_version", name: "uyuni-base-server-4.3.2-1.6.1.x86_64", product: { name: "uyuni-base-server-4.3.2-1.6.1.x86_64", product_id: "uyuni-base-server-4.3.2-1.6.1.x86_64", }, }, { category: "product_version", name: "wire-0.5.0-1.3.3.x86_64", product: { name: "wire-0.5.0-1.3.3.x86_64", product_id: "wire-0.5.0-1.3.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "HPE Helion OpenStack 8", product: { name: "HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8", product_identification_helper: { cpe: "cpe:/o:suse:hpe-helion-openstack:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 8", product: { name: "SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 8", product: { name: "SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:8", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, { category: "product_name", name: "SUSE Manager Client Tools 12", product: { name: "SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12", }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of HPE Helion OpenStack 8", product_id: "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "HPE Helion OpenStack 8", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud 8", product_id: "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 8", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud Crowbar 8", product_id: "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 8", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", }, product_reference: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", }, product_reference: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", }, product_reference: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", }, product_reference: "golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.30.3.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", }, product_reference: "grafana-8.3.5-1.30.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.30.3.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", }, product_reference: "grafana-8.3.5-1.30.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.30.3.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", }, product_reference: "grafana-8.3.5-1.30.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.30.3.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", }, product_reference: "grafana-8.3.5-1.30.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", }, product_reference: "mgr-cfg-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-actions-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", }, product_reference: "mgr-cfg-actions-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-client-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", }, product_reference: "mgr-cfg-client-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-cfg-management-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", }, product_reference: "mgr-cfg-management-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-custom-info-4.3.3-1.18.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", }, product_reference: "mgr-custom-info-4.3.3-1.18.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-daemon-4.3.4-1.32.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", }, product_reference: "mgr-daemon-4.3.4-1.32.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-osad-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", }, product_reference: "mgr-osad-4.3.6-1.39.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-push-4.3.4-1.21.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", }, product_reference: "mgr-push-4.3.4-1.21.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgr-virtualization-host-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", }, product_reference: "mgr-virtualization-host-4.3.5-1.29.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", }, product_reference: "prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", }, product_reference: "prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", }, product_reference: "prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", }, product_reference: "prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", }, product_reference: "prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", }, product_reference: "prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", }, product_reference: "prometheus-postgres_exporter-0.10.0-1.8.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", }, product_reference: "prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-hwdata-2.3.5-12.9.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", }, product_reference: "python2-hwdata-2.3.5-12.9.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", }, product_reference: "python2-mgr-cfg-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", }, product_reference: "python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-client-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", }, product_reference: "python2-mgr-cfg-client-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-cfg-management-4.3.6-1.27.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", }, product_reference: "python2-mgr-cfg-management-4.3.6-1.27.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osa-common-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", }, product_reference: "python2-mgr-osa-common-4.3.6-1.39.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-osad-4.3.6-1.39.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", }, product_reference: "python2-mgr-osad-4.3.6-1.39.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-push-4.3.4-1.21.4.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", }, product_reference: "python2-mgr-push-4.3.4-1.21.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", }, product_reference: "python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", }, product_reference: "python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-rhnlib-4.3.4-21.43.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", }, product_reference: "python2-rhnlib-4.3.4-21.43.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-check-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", }, product_reference: "python2-spacewalk-check-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", }, product_reference: "python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", }, product_reference: "python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-koan-4.3.5-24.33.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", }, product_reference: "python2-spacewalk-koan-4.3.5-24.33.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-spacewalk-oscap-4.3.5-19.27.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", }, product_reference: "python2-spacewalk-oscap-4.3.5-19.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-suseRegisterInfo-4.3.3-25.27.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", }, product_reference: "python2-suseRegisterInfo-4.3.3-25.27.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", }, product_reference: "python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", }, product_reference: "python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", }, product_reference: "python2-uyuni-common-libs-4.3.4-1.21.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", }, product_reference: "python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.11-38.103.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", }, product_reference: "spacecmd-4.3.11-38.103.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", }, product_reference: "spacewalk-check-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", }, product_reference: "spacewalk-client-setup-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.3.9-52.71.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", }, product_reference: "spacewalk-client-tools-4.3.9-52.71.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-koan-4.3.5-24.33.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", }, product_reference: "spacewalk-koan-4.3.5-24.33.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-oscap-4.3.5-19.27.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", }, product_reference: "spacewalk-oscap-4.3.5-19.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacewalk-remote-utils-4.3.3-24.24.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", }, product_reference: "spacewalk-remote-utils-4.3.3-24.24.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.0-6.16.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.0-6.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "suseRegisterInfo-4.3.3-25.27.3.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", }, product_reference: "suseRegisterInfo-4.3.3-25.27.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL", product_id: "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3-BCL", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-36222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-36222", }, ], notes: [ { category: "general", text: "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-36222", url: "https://www.suse.com/security/cve/CVE-2021-36222", }, { category: "external", summary: "SUSE Bug 1188571 for CVE-2021-36222", url: "https://bugzilla.suse.com/1188571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "important", }, ], title: "CVE-2021-36222", }, { cve: "CVE-2021-3711", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3711", }, ], notes: [ { category: "general", text: "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3711", url: "https://www.suse.com/security/cve/CVE-2021-3711", }, { category: "external", summary: "SUSE Bug 1189520 for CVE-2021-3711", url: "https://bugzilla.suse.com/1189520", }, { category: "external", summary: "SUSE Bug 1190129 for CVE-2021-3711", url: "https://bugzilla.suse.com/1190129", }, { category: "external", summary: "SUSE Bug 1192100 for CVE-2021-3711", url: "https://bugzilla.suse.com/1192100", }, { category: "external", summary: "SUSE Bug 1205663 for CVE-2021-3711", url: "https://bugzilla.suse.com/1205663", }, { category: "external", summary: "SUSE Bug 1225628 for CVE-2021-3711", url: "https://bugzilla.suse.com/1225628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "critical", }, ], title: "CVE-2021-3711", }, { cve: "CVE-2021-39226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39226", }, ], notes: [ { category: "general", text: "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-39226", url: "https://www.suse.com/security/cve/CVE-2021-39226", }, { category: "external", summary: "SUSE Bug 1191454 for CVE-2021-39226", url: "https://bugzilla.suse.com/1191454", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "important", }, ], title: "CVE-2021-39226", }, { cve: "CVE-2021-41174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41174", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41174", url: "https://www.suse.com/security/cve/CVE-2021-41174", }, { category: "external", summary: "SUSE Bug 1192383 for CVE-2021-41174", url: "https://bugzilla.suse.com/1192383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2021-41174", }, { cve: "CVE-2021-41244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41244", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41244", url: "https://www.suse.com/security/cve/CVE-2021-41244", }, { category: "external", summary: "SUSE Bug 1192763 for CVE-2021-41244", url: "https://bugzilla.suse.com/1192763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "critical", }, ], title: "CVE-2021-41244", }, { cve: "CVE-2021-43798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43798", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43798", url: "https://www.suse.com/security/cve/CVE-2021-43798", }, { category: "external", summary: "SUSE Bug 1193492 for CVE-2021-43798", url: "https://bugzilla.suse.com/1193492", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "important", }, ], title: "CVE-2021-43798", }, { cve: "CVE-2021-43813", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43813", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43813", url: "https://www.suse.com/security/cve/CVE-2021-43813", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193686", }, { category: "external", summary: "SUSE Bug 1193688 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2021-43813", }, { cve: "CVE-2021-43815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43815", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43815", url: "https://www.suse.com/security/cve/CVE-2021-43815", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43815", url: "https://bugzilla.suse.com/1193686", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2021-43815", }, { cve: "CVE-2022-21673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21673", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21673", url: "https://www.suse.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "SUSE Bug 1194873 for CVE-2022-21673", url: "https://bugzilla.suse.com/1194873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2022-21673", }, { cve: "CVE-2022-21698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21698", }, ], notes: [ { category: "general", text: "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21698", url: "https://www.suse.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "SUSE Bug 1196338 for CVE-2022-21698", url: "https://bugzilla.suse.com/1196338", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "important", }, ], title: "CVE-2022-21698", }, { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "HPE Helion OpenStack 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-BCL:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP3-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.aarch64", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.s390x", "SUSE Manager Client Tools 12:golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.23.0-1.12.3.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.aarch64", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.ppc64le", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.s390x", "SUSE Manager Client Tools 12:grafana-8.3.5-1.30.3.x86_64", "SUSE Manager Client Tools 12:mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:mgr-custom-info-4.3.3-1.18.1.noarch", "SUSE Manager Client Tools 12:mgr-daemon-4.3.4-1.32.3.noarch", "SUSE Manager Client Tools 12:mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.19.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.aarch64", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.ppc64le", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.s390x", "SUSE Manager Client Tools 12:prometheus-postgres_exporter-0.10.0-1.8.2.x86_64", "SUSE Manager Client Tools 12:python2-hwdata-2.3.5-12.9.1.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-actions-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-client-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-cfg-management-4.3.6-1.27.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osa-common-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-osad-4.3.6-1.39.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-push-4.3.4-1.21.4.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-common-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-mgr-virtualization-host-4.3.5-1.29.3.noarch", "SUSE Manager Client Tools 12:python2-rhnlib-4.3.4-21.43.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:python2-spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:python2-suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.aarch64", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.ppc64le", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.s390x", "SUSE Manager Client Tools 12:python2-uyuni-common-libs-4.3.4-1.21.3.x86_64", "SUSE Manager Client Tools 12:spacecmd-4.3.11-38.103.3.noarch", "SUSE Manager Client Tools 12:spacewalk-check-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-setup-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-client-tools-4.3.9-52.71.3.noarch", "SUSE Manager Client Tools 12:spacewalk-koan-4.3.5-24.33.3.noarch", "SUSE Manager Client Tools 12:spacewalk-oscap-4.3.5-19.27.1.noarch", "SUSE Manager Client Tools 12:spacewalk-remote-utils-4.3.3-24.24.3.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.0-6.16.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-4.3.2-6.24.1.noarch", "SUSE Manager Client Tools 12:suseRegisterInfo-4.3.3-25.27.3.noarch", "SUSE OpenStack Cloud 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 8:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", "SUSE OpenStack Cloud Crowbar 9:golang-github-prometheus-node_exporter-1.3.0-1.15.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-20T11:42:14Z", details: "moderate", }, ], title: "CVE-2022-21713", }, ], }
suse-su-2024:0191-1
Vulnerability from csaf_suse
Published
2024-01-23 15:18
Modified
2024-01-23 15:18
Summary
Security Beta update for SUSE Manager Client Tools
Notes
Title of the patch
Security Beta update for SUSE Manager Client Tools
Description of the patch
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Exclude s390 arch
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-boynux-squid_exporter:
- Exclude s390 architecture (gh#SUSE/spacewalk#19050)
- Enhanced to build on Enterprise Linux 8.
golang-github-lusitaniae-apache_exporter:
- Do not strip if SUSE Linux Enterprise 15 SP3
- Exclude debug for RHEL >= 8
- Build with Go >= 1.20 when the OS is not RHEL
- Fix apparmor profile for SLE 12
- Upgrade to version 1.0.0 (jsc#PED-5405)
* Improved flag parsing
* Added support for custom headers
- Build using promu
- Fix sandboxing options
- Upgrade to version 0.13.4
* CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)
- Upgrade to version 0.13.3
* CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)
- Upgrade to version 0.13.1
* Fix panic caused by missing flagConfig options
- Upgrade to version 0.13.0
* CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046)
- Corrected comment in AppArmor profile
- Added AppArmor profile
- Added sandboxing options to systemd service unit
- Exclude s390 architecture (gh#SUSE/spacewalk#19050)
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add support for RedHat 8
- Adjust dependencies on spec file
- Disable dwarf compression in go build
- Add support for Red Hat
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not create PIE for s390x architecture
- Require Go 1.20 or newer for building
- Remove not used build flags
- Create position independent executables (PIE)
- Disable striping the binaries only for SLE 15 SP3
- Add System/Monitoring group tag
- Rework service file to use obscpio
* Run tar and recompress services at buildtime
* Do not generate automatically changelog entries
- Update to version 0.26.0 (jsc#PED-7353):
https://github.com/prometheus/alertmanager/releases/tag/v0.26.0
* CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
* Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
* Templating: Fixed a race condition when using the title
function. It is now race-safe
* API: Fixed duplicate receiver names in the api/v2/receivers API
endpoint
* API: Attempting to delete a silence now returns the correct
status code, 404 instead of 500
* Clustering: Fixes a panic when tls_client_config is empty
* Webhook: url is now marked as a secret. It will no longer show
up in the logs as clear-text
* Metrics: New label reason for
alertmanager_notifications_failed_total metric to indicate the
type of error of the alert delivery
* Clustering: New flag --cluster.label, to help to block any
traffic that is not meant for the cluster
* Integrations: Add Microsoft Teams as a supported integration
- Update to version 0.25.0:
https://github.com/prometheus/alertmanager/releases/tag/v0.25.0
* Fail configuration loading if api_key and api_key_file are
defined at the same time
* Fix the alertmanager_alerts metric to avoid counting resolved
alerts as active. Also added a new alertmanager_marked_alerts
metric that retain the old behavior
* Trim contents of Slack API URLs when reading from files
* amtool: Avoid panic when the label value matcher is empty
* Fail configuration loading if api_url is empty for OpsGenie
* Fix email template for resolved notifications
* Add proxy_url support for OAuth2 in HTTP client configuration
* Reload TLS certificate and key from disk when updated
* Add Discord integration
* Add Webex integration
* Add min_version support to select the minimum TLS version in
HTTP client configuration
* Add max_version support to select the maximum TLS version in
* Emit warning logs when truncating messages in notifications
* Support HEAD method for the /-/healty and /-/ready endpoints
* Add support for reading global and local SMTP passwords from
files
* UI: Add 'Link' button to alerts in list
* UI: Allow to choose the first day of the week as Sunday or
Monday
- Update to version 0.24.0:
https://github.com/prometheus/alertmanager/releases/tag/v0.24.0
* Fix HTTP client configuration for the SNS receiver
* Fix unclosed file descriptor after reading the silences
snapshot file
* Fix field names for mute_time_intervals in JSON marshaling
* Ensure that the root route doesn't have any matchers
* Truncate the message's title to 1024 chars to avoid hitting
Slack limits
* Fix the default HTML email template (email.default.html) to
match with the canonical source
* Detect SNS FIFO topic based on the rendered value
* Avoid deleting and recreating a silence when an update is
possible
* api/v2: Return 200 OK when deleting an expired silence
* amtool: Fix the silence's end date when adding a silence. The
end date is (start date + duration) while it used to be
(current time + duration). The new behavior is consistent with
the update operation
* Add the /api/v2 prefix to all endpoints in the OpenAPI
specification and generated client code
* Add --cluster.tls-config experimental flag to secure cluster
traffic via mutual TLS
* Add Telegram integration
- CVE-2022-46146: Prevent authentication bypass via cache poisoning (bsc#1208051)
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- Remove node_exporter-1.5.0.tar.gz
- Execute tar and recompress service modules at buildtime
- Update to 1.5.0 (jsc#PED-3578):
* NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the
concurrency of the exporter to 1 CPU thread at a time in order to avoid a
race condition problem in the Linux kernel (#2500) and parallel IO issues
on nodes with high numbers of CPUs/CPU threads (#1880).
* [CHANGE] Default GOMAXPROCS to 1 #2530
* [FEATURE] Add multiple listeners and systemd socket listener activation #2393
* [ENHANCEMENT] Add RTNL version of netclass collector #2492, #2528
* [BUGFIX] Fix hwmon label sanitizer #2504
* [BUGFIX] Use native endianness when encoding InetDiagMsg #2508
* [BUGFIX] Fix btrfs device stats always being zero #2516
- Update to 1.4.1:
* [BUGFIX] Fix diskstats exclude flags #2487
* [SECURITY] CVE-2022-27191, CVE-2022-27664: Update go/x/crypto and go/x/net (bsc#1197284, bsc#1203185)
* [SECURITY] CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Update to 1.4.0:
* [CHANGE] Merge metrics descriptions in textfile collector #2475
* [FEATURE] [node-mixin] Add darwin dashboard to mixin #2351
* [FEATURE] Add 'isolated' metric on cpu collector on linux #2251
* [FEATURE] Add cgroup summary collector #2408
* [FEATURE] Add selinux collector #2205
* [FEATURE] Add slab info collector #2376
* [FEATURE] Add sysctl collector #2425
* [FEATURE] Also track the CPU Spin time for OpenBSD systems #1971
* [FEATURE] Add support for MacOS version #2471
* [ENHANCEMENT] [node-mixin] Add missing selectors #2426
* [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default #2281
* [ENHANCEMENT] [node-mixin] Change disk graph to disk table #2364
* [ENHANCEMENT] [node-mixin] Change io time units to %util #2375
* [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd #2266
* [ENHANCEMENT] Add additional vm_stat memory metrics for darwin #2240
* [ENHANCEMENT] Add device filter flags to arp collector #2254
* [ENHANCEMENT] Add diskstats include and exclude device flags #2417
* [ENHANCEMENT] Add node_softirqs_total metric #2221
* [ENHANCEMENT] Add rapl zone name label option #2401
* [ENHANCEMENT] Add slabinfo collector #1799
* [ENHANCEMENT] Allow user to select port on NTP server to query #2270
* [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev #2404
* [ENHANCEMENT] Enable builds against older macOS SDK #2327
* [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name #2432
* [ENHANCEMENT] systemd: Expose systemd minor version #2282
* [ENHANCEMENT] Use netlink for tcpstat collector #2322
* [ENHANCEMENT] Use netlink to get netdev stats #2074
* [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles #2191
* [ENHANCEMENT] Add btrfs device error stats #2193
* [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning #2352
* [BUGFIX] Fix concurrency issue in ethtool collector #2289
* [BUGFIX] Fix concurrency issue in netdev collector #2267
* [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes #2311
* [BUGFIX] Fix iostat on macos broken by deprecation warning #2292
* [BUGFIX] Fix NodeFileDescriptorLimit alerts #2340
* [BUGFIX] Sanitize rapl zone names #2299
* [BUGFIX] Add file descriptor close safely in test #2447
* [BUGFIX] Fix race condition in os_release.go #2454
* [BUGFIX] Skip ZFS IO metrics if their paths are missing #2451
- BuildRequire go1.18 OR HIGHER (previously this was fixed to 1.14)
- Update to 1.3.1
* [BUGFIX] Handle nil CPU thermal power status on M1 #2218
* [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE. #2227
* [BUGFIX] Sanitize UTF-8 in dmi collector #2229
- Exclude s390 arch.
- Update spec file in order to make --version work (bsc#1196652)
golang-github-prometheus-prometheus:
- Update to 2.45.0 (jsc#PED-5406):
* [FEATURE] API: New limit parameter to limit the number of items
returned by `/api/v1/status/tsdb` endpoint.
* [FEATURE] Config: Add limits to global config.
* [FEATURE] Consul SD: Added support for `path_prefix`.
* [FEATURE] Native histograms: Add option to scrape both classic
and native histograms.
* [FEATURE] Native histograms: Added support for two more
arithmetic operators `avg_over_time` and `sum_over_time`.
* [FEATURE] Promtool: When providing the block id, only one block
will be loaded and analyzed.
* [FEATURE] Remote-write: New Azure ad configuration to support
remote writing directly to Azure Monitor workspace.
* [FEATURE] TSDB: Samples per chunk are now configurable with
flag `storage.tsdb.samples-per-chunk`. By default set to its
former value 120.
* [ENHANCEMENT] Native histograms: bucket size can now be limited
to avoid scrape fails.
* [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL
sooner.
* [BUGFIX] Native histograms: ChunkSeries iterator now checks if
a new sample can be appended to the open chunk.
* [BUGFIX] Native histograms: Fix Histogram Appender
`Appendable()` segfault.
* [BUGFIX] Native histograms: Fix setting reset header to gauge
histograms in seriesToChunkEncoder.
* [BUGFIX] TSDB: Tombstone intervals are not modified after Get()
call.
* [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
- Update to 2.44.0:
* [FEATURE] Remote-read: Handle native histograms.
* [FEATURE] Promtool: Health and readiness check of prometheus
server in CLI.
* [FEATURE] PromQL: Add `query_samples_total` metric, the total
number of samples loaded by all queries.
* [ENHANCEMENT] Storage: Optimise buffer used to iterate through
samples.
* [ENHANCEMENT] Scrape: Reduce memory allocations on target
labels.
* [ENHANCEMENT] PromQL: Use faster heap method for `topk()` /
`bottomk()`.
* [ENHANCEMENT] Rules API: Allow filtering by rule name.
* [ENHANCEMENT] Native Histograms: Various fixes and
improvements.
* [ENHANCEMENT] UI: Search of scraping pools is now
case-insensitive.
* [ENHANCEMENT] TSDB: Add an affirmative log message for
successful WAL repair.
* [BUGFIX] TSDB: Block compaction failed when shutting down.
* [BUGFIX] TSDB: Out-of-order chunks could be ignored if the
write-behind log was deleted.
- Update to 2.43.1
* [BUGFIX] Labels: Set() after Del() would be ignored, which
broke some relabeling rules.
- Update to 2.43.0:
* [FEATURE] Promtool: Add HTTP client configuration to query
commands.
* [FEATURE] Scrape: Add `include_scrape_configs` to include
scrape configs from different files.
* [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from
proxied requests.
* [FEATURE] HTTP client: Add `proxy_from_enviroment` to read
proxies from env variables.
* [ENHANCEMENT] API: Add support for setting lookback delta per
query via the API.
* [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499
if a request is canceled.
* [ENHANCEMENT] Scrape: Allow exemplars for all metric types.
* [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders
size.
* [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot
with index that is ahead of WAL.
* [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to
be more comprehensible.
* [ENHANCEMENT] UI: Scope `group by` labels to metric in
autocompletion.
* [BUGFIX] Scrape: Fix
`prometheus_target_scrape_pool_target_limit` metric not set
before reloading.
* [BUGFIX] TSDB: Correctly update
`prometheus_tsdb_head_chunks_removed_total` and
`prometheus_tsdb_head_chunks` metrics when reading WAL.
* [BUGFIX] TSDB: Use the correct unit (seconds) when recording
out-of-order append deltas in the
`prometheus_tsdb_sample_ooo_delta` metric.
- Update to 2.42.0:
This release comes with a bunch of feature coverage for native
histograms and breaking changes.
If you are trying native histograms already, we recommend you
remove the `wal` directory when upgrading.
Because the old WAL record for native histograms is not
backward compatible in v2.42.0, this will lead to some data
loss for the latest data.
Additionally, if you scrape 'float histograms' or use recording
rules on native histograms in v2.42.0 (which writes float
histograms), it is a one-way street since older versions do not
support float histograms.
* [CHANGE] **breaking** TSDB: Changed WAL record format for the
experimental native histograms.
* [FEATURE] Add 'keep_firing_for' field to alerting rules.
* [FEATURE] Promtool: Add support of selecting timeseries for
TSDB dump.
* [ENHANCEMENT] Agent: Native histogram support.
* [ENHANCEMENT] Rules: Support native histograms in recording
rules.
* [ENHANCEMENT] SD: Add container ID as a meta label for pod
targets for Kubernetes.
* [ENHANCEMENT] SD: Add VM size label to azure service
discovery.
* [ENHANCEMENT] Support native histograms in federation.
* [ENHANCEMENT] TSDB: Add gauge histogram support.
* [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that
represents buckets as float64 values.
* [ENHANCEMENT] UI: Show individual scrape pools on /targets
page.
- Update to 2.41.0:
* [FEATURE] Relabeling: Add keepequal and dropequal relabel
actions.
* [FEATURE] Add support for HTTP proxy headers.
* [ENHANCEMENT] Reload private certificates when changed on disk.
* [ENHANCEMENT] Add max_version to specify maximum TLS version in
tls_config.
* [ENHANCEMENT] Add goos and goarch labels to
prometheus_build_info.
* [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.
* [ENHANCEMENT] SD: Add new metric
prometheus_sd_file_watcher_errors_total.
* [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.
* [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in
iterators.
* [ENHANCEMENT] TSDB: Optimize postings offset table reading.
* [BUGFIX] Scrape: Validate the metric name, label names, and
label values after relabeling.
* [BUGFIX] Remote Write receiver and rule manager: Fix error
handling.
- Update to 2.40.7:
* [BUGFIX] TSDB: Fix queries involving negative buckets of native
histograms.
- Update to 2.40.5:
* [BUGFIX] TSDB: Fix queries involving native histograms due to
improper reset of iterators.
- Update to 2.40.3:
* [BUGFIX] TSDB: Fix compaction after a deletion is called.
- Update to 2.40.2:
* [BUGFIX] UI: Fix black-on-black metric name color in dark mode.
- Update to 2.40.1:
* [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit
architecture.
* [BUGFIX] Scrape: Fix accept headers.
- Update to 2.40.0:
* [FEATURE] Add experimental support for native histograms.
Enable with the flag --enable-feature=native-histograms.
* [FEATURE] SD: Add service discovery for OVHcloud.
* [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.
* [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved
sorting speed.
* [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds
__meta_consul_partition label. Adds partition config in
consul_sd_config.
* [BUGFIX] API: Fix API error codes for /api/v1/labels and
/api/v1/series.
- Update to 2.39.1:
* [BUGFIX] Rules: Fix notifier relabel changing the labels on
active alerts.
- Update to 2.39.0:
* [FEATURE] experimental TSDB: Add support for ingesting
out-of-order samples. This is configured via
out_of_order_time_window field in the config file; check config
file docs for more info.
* [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also
respond to a HEAD request on top of existing GET support.
* [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
* [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
* [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region
label.
* [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
* [ENHANCEMENT] TSDB: Improve WAL replay timings.
* [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary
data in the memory.
* [ENHANCEMENT] TSDB: Allow overlapping blocks by default.
--storage.tsdb.allow-overlapping-blocks now has no effect.
* [ENHANCEMENT] UI: Click to copy label-value pair from query
result to clipboard.
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a
memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus
startup.
* [BUGFIX] PromQL: Properly close file descriptor when logging
unfinished queries.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL
from growing more than desired.
- Update to 2.38.0:
* [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint
that allows pretty-formatting PromQL expressions.
* [FEATURE]: UI: Add support for formatting PromQL expressions in
the UI.
* [FEATURE]: DNS SD: Support MX records for discovering targets.
* [FEATURE]: Templates: Add toTime() template function that
allows converting sample timestamps to Go time.Time values.
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_service_port_number meta label indicating the
service port number.
__meta_kubernetes_pod_container_image meta label indicating the
container image.
* [ENHANCEMENT]: PromQL: When a query panics, also log the query
itself alongside the panic message.
* [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve
the contrast ratio.
* [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding
locks and using atomic types instead.
* [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature
flag, which omits or removes any default HTTP (:80) or HTTPS
(:443) ports in the target's scrape address.
* [BUGFIX]: TSDB: In the WAL watcher metrics, expose the
type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX]: TSDB: Fix race condition around allocating series IDs
during chunk snapshot loading.
- Remove npm_licenses.tar.bz2 during 'make clean'
- Remove web-ui archives during 'make clean'.
- Require promu >= 0.14.0 for building
- Upgrade to version 2.37.6
* Require Go 1.19
- Upgrade to version 2.37.5
* [SECURITY] Security upgrade from go and upstream dependencies
that include security fixes to the net/http and os packages.
- Upgrade to version 2.37.4
* [SECURITY] CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
- Upgrade to version 2.37.3
* [BUGFIX] CVE-2022-41715: Update our regexp library to fix upstream vulnerability (bnc#1204023)
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a
memory leak.
- Upgrade to version 2.37.2
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus
startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL
from growing more than desired.
- Upgrade to version 2.37.1
* [BUGFIX] Properly close file descriptor when logging unfinished
queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the
- Upgrade to version 2.37.0
* [FEATURE] Nomad SD: New service discovery for Nomad built-in
service discovery.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for
endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature
with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent
header.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated
when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to
Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring
properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on
reloads.
* [BUGFIX] TSDB: Don't increment
prometheus_tsdb_compactions_failed_total when context is
canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting
series.
* [BUGFIX] TSDB: Increase
prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence
errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to
Prometheus configuration file and fix default configuration
values.
- Upgrade to version 2.36.2
* [BUGFIX] Fix serving of static assets like fonts and favicon.
- Upgrade to version 2.36.1
* [BUGFIX] promtool: Add --lint-fatal option.
- Upgrade to version 2.36.0
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a
variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
- Upgrade to version 2.35.0
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for
the commands check rules and check config, resulting in a new
exit code (3) for linter errors.
* [FEATURE] Support for automatically setting the variable
GOMAXPROCS to the container CPU limit. Enable with the flag
--enable-feature=auto-gomaxprocs.
* [FEATURE] PromQL: Extend statistics with total and peak number
of samples in a query. Additionally, per-step statistics are
available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag
--enable-feature=per-step-stats.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from
WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group
configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to
discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch
OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels
correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not
showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is
false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with
multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing
the queue.
- Upgrade to version 2.34.0
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based
tracing.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and
allow configuration with the experimental flag
--storage.tsdb.head-chunks-write-queue-size.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is
encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept
application/openmetrics-text;version=1.0.0 in addition to
version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external
labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using
environment variables with external labels.
* [BUGFIX] PromQL: Properly return an error from
histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the
resolution.
* [BUGFIX] TSDB: Fix a query panic when
memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
- Upgrade to version 2.33.5
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and
getting batch.
- Upgrade to version 2.33.4
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the
disk.
- Upgrade to version 2.33.3
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't
set.
- Upgrade to version 2.33.2
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
- Upgrade to version 2.33.1
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not
running inside K8s.
- Upgrade to version 2.33.0
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable
features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics,
enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering
concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for
out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar
ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the
intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding
latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update
prometheus_remote_storage_queue_highest_sent_timestamp_seconds
metric when write irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct
mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state
checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually
display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
- CVE-2022-46146: Fix authentication bypass by updating Prometheus Exporter Toolkit
to version 0.7.3 (bsc#1208049)
- CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to version
1.20.1 (bsc#1208298)
golang-github-prometheus-promu:
- Always set user and host build metadata to constant string to
achieve reproducible builds (compare reproducible-builds.org)
- Add 0001-do_not_discover_user_host_for_reproducible_builds.patch
- Require Go >= 1.19 for building
- Require Go >= 1.18 for building Red Hat packages
- Update to version 0.14.0 (jsc#PED-3576):
* Add the ability to override tags per GOOS
* Remove ioutil
* Update common Prometheus files (#232) (#224)
* Validate environment variable value
* Set build date from SOURCE_DATE_EPOCH
- Update to Go 1.18
- Exclude s390 architecture.
- Set build date from last changelog modification (bsc#1047218)
- Adapted for Enterprise Linux build.
- Build requires Go 1.15
* Make extldflags extensible by configuration. #125
* Avoid bind-mounting to allow building with a remote docker engine #95
- Update to 0.2.0
+ Features:
* Adding changes to support s390x
* Add option to disable static linking
* Add support for 32bit MIPS.
* Added check_licenses Command to Promu
+ Enhancements:
* Allow to customize nested options via env variables
* Bump Go version to 1.11
* Add warning if promu info is unable to determine repo info
+ Bug Fixes:
* Fix build on SmartOS by not setting gcc's -static flag
* Fix git repository url parsing
- Update to 0.1.0
- Initial version
grafana:
- Update to version 9.5.8:
* Please, check the release notes for further details.
* Security fixes provided in this and previous versions:
* CVE-2023-3128: Authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694)
* CVE-2023-2801: Prevent crash while executing concurrent mixed queries (bsc#1212099)
* CVE-2023-2183: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100)
* CVE-2023-1387: JWT URL-login flow leaks token to data sources through request parameter in proxy
requests (bsc#1210907, jsc#PED-3694)
* CVE-2023-1410: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
* CVE-2020-7753: Regular Expression Denial of Service (ReDoS) in trim function (bsc#1218843)
* CVE-2021-3807: Regular expressionDdenial of Service (ReDoS) matching ANSI escape codes (bsc#1192154)
* CVE-2021-3918: Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696)
* CVE-2021-43138: A malicious user can obtain privileges via the mapValues() method (bsc#1200480)
* CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor (bsc#1218844)
* CVE-2022-31107: OAuth account takeover (bsc#1201539)
* CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
* CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
* CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
* CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)
* CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to
version 0.7.3 (bsc#1208065)
* CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
* CVE-2022-23552: SVG: Add dompurify preprocessor step (bsc#1207749)
* CVE-2022-39324: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)
* CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
* CVE-2022-39307: Omit error from http response when user does not
exists (bsc#1205227)
* CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
* CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
* CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
* CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)
* CVE-2022-36062: RBAC folders/dashboards privilege escalation (bsc#1203596, jsc#PED-2145)
* CVE-2022-35957: Escalation from admin to server admin when auth proxy is used (bsc#1203597, jsc#PED-2145)
* CVE-2022-31107: OAuth account takeover (bsc#1201539)
* CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
* CVE-2022-29170: Request security bypass via malicious redirect (bsc#1199810)
* CVE-2022-31097: XSS vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
* CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
* CVE-2022-21703: Cross-origin request forgery vulnerability (bsc#1195727)
* CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
* CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
* CVE-2021-43813: Directory traversal vulnerability for .md files (bsc#1193688)
* CVE-2021-43815: Directory traversal for .csv files (bsc#1193686)
* CVE-2021-43798: arbitrary file read in the graph native plugin (bsc#1193492)
* CVE-2021-43798: Arbitrary file read in the graph native plugin (bsc#1193492)
* CVE-2021-41244: Grafana 8.2.4 released with security fixes (bsc#1192763)
* Security: Fixes CVE-2021-41174, bsc#1192383.
* Security: Update dependencies to fix CVE-2021-36222, bsc#1188571.
kiwi-desc-saltboot:
- Update to version 0.1.1687520761.cefb248
* Add osimage cert package to bootstrap for
SUSE Linux Enterprise 12 images (bsc#1204089)
- Update to version 0.1.1673279145.e7616bd
* Add failsafe stop file when salt-minion does not stop (bsc#1172110)
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support fo VirtIO disks
mgr-push:
- Version 5.0.1-1
* Bump version to 5.0.0
- Version 4.4.6-1
* Remove unused makefiles
- Version 4.4.5-1
* Use http to connect to localhost server
* Use bundle CA certificate in rhnpush
- Version 4.4.4-1
* remove pylint check at build time
- Version 4.4.3-1
* Ensure installation of make for building
- Version 4.4.2-1
* Update translation strings
- Version 4.4.1-1
* Bump version to 4.4.0
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
- Fix authentication bypass via cache poisoning
(CVE-2022-46146, bsc#1208062)
- Add `min_version` parameter of `tls_config` to allow enabling
TLS 1.0 and 1.1 (bsc#1209113)
- On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
- Build with go1.18 only for SLE-15-SP3 and
build with >= go1.19 on higher SP (bsc#1203599)
- Require go1.18 (bsc#1203599, GH#19127)
- Exclude s390 arch
- Fix %pre section to avoid empty content
- Updated to allow building on older rpmbuild.
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Remove duplicated call to systemd requirements
- Do not build debug if RHEL >= 8
- Do not strip if SUSE Linux Enterprise 15 SP3
- Build at least with with Go >= 1.18 on RHEL
- Build with Go >= 1.20 elsewhere
- Adapt the systemd service security configuration
to be able to start it on RHEL systems and clones
- Create the prometheus user for RHEL systems and clones
- Add 0001-Update-prometheus-exporter-toolkit-to-0.7.3.patch
* Fix authentication bypass via cache poisoning
(CVE-2022-46146, bsc#1208060)
- Fix _service to pull correct version
- Use go_modules source service
- Upgrade to version 0.10.1:
* Fix broken log-level for values other than debug (bsc#1208965)
- Version/release lines above first usage of those macros.
gh#uyuni-project/uyuni#5418
- Prevent empty %pre section
- Exclude s390 builds
- Updated for RHEL8.
python-hwdata:
- Declare the LICENSE file as license and not doc
rhnlib:
- Version 5.0.1-1
* Specify a packager for Debian like distros
- Version 4.4.6-1
* Remove unused makefiles
- Version 4.4.5-1
* Use bundle CA certificate in rhnpush
- Version 4.4.4-1
* Only use TLSv1+ for SSL connections
- Version 4.4.3-1
* Ensure installation of make for building
- Version 4.4.2-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
- Version 4.4.1-1
* Bump version to 4.4.0
spacecmd:
- Version 5.0.1-1
* Use localhost without ssl when running on the server
- Version 4.4.10-1
* Update translation strings
- Version 4.4.9-1
- Version 4.4.8-1
* Add spacecmd function: cryptokey_update
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
* fix argument parsing of distribution_update (bsc#1210458)
- Version 4.4.7-1
* remove pylint check at build time
* Display activation key details after executing the corresponding command (bsc#1208719)
* Show targetted packages before actually removing them (bsc#1207830)
- Version 4.4.6-1
* Fix spacecmd not showing any output for softwarechannel_diff
and softwarechannel_errata_diff (bsc#1207352)
- Version 4.4.5-1
* Prevent string api parameters to be parsed as dates if not in
ISO-8601 format (bsc#1205759)
* Add python-dateutil dependency, required to process date values in
spacecmd api calls
* Remove python3-simplejson dependency
- Version 4.4.4-1
* Correctly understand 'ssm' keyword on scap scheduling
* Add vendor_advisory information to errata_details call (bsc#1205207)
* Change default port of 'Containerized Proxy configuration' 8022
- Version 4.4.3-1
* Added two missing options to schedule product migration: allow-vendor-change
and remove-products-without-successor (bsc#1204126)
* Changed schedule product migration to use the correct API method
* Fix dict_keys not supporting indexing in systems_setconfigchannelorger
* Added a warning message for traditional stack deprecation
* Remove 'Undefined return code' from debug messages (bsc#1203283)
- Version 4.4.2-1
* Stop always showing help for valid proxy_container_config calls
- Version 4.4.1-1
* Process date values in spacecmd api calls (bsc#1198903)
* Improve Proxy FQDN hint message
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
- Version 4.3.13-1
* Update translation strings
- Version 4.3.12-1
* Update translation strings
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
spacewalk-client-tools:
- Version 5.0.1-1
* Bump version to 5.0.0
- Version 4.4.7-1
* Remove unused and deprecated/removed platform.dist import.
- Version 4.4.6-1
* Update translation strings
* Tito requires to list the package source as %{name}-%{version}.tar.gz
- Version 4.4.5-1
* remove mgr-virtualization usage
* remove dependency to suseRegisterInfo
- Version 4.4.4-1
* Update translation strings
- Version 4.4.3-1
* Update translation strings
- Version 4.4.2-1
* Update translation strings
- Version 4.4.1-1
* Update translation strings
- Version 4.3.11-1
* Update translation strings
- Version 4.3.10-1
supportutils-plugin-salt:
- Update to version 1.2.2
* Remove possible passwords from Salt configuration files (bsc#1201059)
- Update to version 1.2.1
* Remove ERROR messages on Salt client systems
- Declare the LICENSE file as license and not doc
- Update to version 1.2.0
* Add support for Salt Bundle
supportutils-plugin-susemanager-client:
- Version 5.0.1-1
* Bump version to 5.0.0
- Version 4.4.2-1
* write configured crypto-policy in supportconfig
* add cloud and payg checks
- Version 4.4.1-1
* Bump version to 4.4.0
- Version 4.3.2-1
* Add proxy containers config and logs
uyuni-common-libs:
- Version 5.0.1-1
* Bump version to 5.0.0
- Version 4.4.4-1
* Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692)
* Accept missing rhn.conf file
* Use context manager for apache users in fileutils.py.
- Version 4.4.3-1
* Ensure installation of make for building.
* Use versioned Python during packaging.
- Version 4.4.2-1
* unify user notification code on java side
- Version 4.4.1-1
* Do not allow creating path if nonexistent user or group in fileutils.
- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
Patchnames
SUSE-2024-191,SUSE-SLE-Manager-Tools-12-BETA-2024-191
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security Beta update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Exclude s390 arch \n- Adapted to build on Enterprise Linux.\n- Fix build for RedHat 7\n- Require Go >= 1.14 also for CentOS\n- Add support for CentOS\n- Replace %{?systemd_requires} with %{?systemd_ordering}\n\ngolang-github-boynux-squid_exporter:\n\n- Exclude s390 architecture (gh#SUSE/spacewalk#19050)\n- Enhanced to build on Enterprise Linux 8.\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Do not strip if SUSE Linux Enterprise 15 SP3\n- Exclude debug for RHEL >= 8\n- Build with Go >= 1.20 when the OS is not RHEL\n- Fix apparmor profile for SLE 12\n- Upgrade to version 1.0.0 (jsc#PED-5405)\n * Improved flag parsing\n * Added support for custom headers\n- Build using promu\n- Fix sandboxing options\n- Upgrade to version 0.13.4\n * CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)\n- Upgrade to version 0.13.3\n * CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)\n- Upgrade to version 0.13.1\n * Fix panic caused by missing flagConfig options\n- Upgrade to version 0.13.0\n * CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046)\n- Corrected comment in AppArmor profile\n- Added AppArmor profile\n- Added sandboxing options to systemd service unit\n- Exclude s390 architecture (gh#SUSE/spacewalk#19050)\n- Update to upstream release 0.11.0 (jsc#SLE-24791)\n * Add TLS support\n * Switch to logger, please check --log.level and --log.format flags\n- Update to version 0.10.1\n * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data\n- Update to version 0.10.0\n * Add Apache Proxy and other metrics\n- Update to version 0.8.0\n * Change commandline flags\n * Add metrics: Apache version, request duration total\n- Adapted to build on Enterprise Linux 8\n- Require building with Go 1.15\n- Add support for RedHat 8\n - Adjust dependencies on spec file \n - Disable dwarf compression in go build\n- Add support for Red Hat\n- Add %license macro for LICENSE file \n\ngolang-github-prometheus-alertmanager:\n\n- Do not create PIE for s390x architecture\n- Require Go 1.20 or newer for building\n- Remove not used build flags\n- Create position independent executables (PIE)\n- Disable striping the binaries only for SLE 15 SP3\n- Add System/Monitoring group tag\n- Rework service file to use obscpio\n * Run tar and recompress services at buildtime\n * Do not generate automatically changelog entries\n- Update to version 0.26.0 (jsc#PED-7353):\n https://github.com/prometheus/alertmanager/releases/tag/v0.26.0\n * CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)\n * Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash\n * Templating: Fixed a race condition when using the title\n function. It is now race-safe\n * API: Fixed duplicate receiver names in the api/v2/receivers API\n endpoint\n * API: Attempting to delete a silence now returns the correct\n status code, 404 instead of 500\n * Clustering: Fixes a panic when tls_client_config is empty\n * Webhook: url is now marked as a secret. It will no longer show\n up in the logs as clear-text\n * Metrics: New label reason for\n alertmanager_notifications_failed_total metric to indicate the\n type of error of the alert delivery\n * Clustering: New flag --cluster.label, to help to block any\n traffic that is not meant for the cluster\n * Integrations: Add Microsoft Teams as a supported integration\n- Update to version 0.25.0:\n https://github.com/prometheus/alertmanager/releases/tag/v0.25.0\n * Fail configuration loading if api_key and api_key_file are\n defined at the same time\n * Fix the alertmanager_alerts metric to avoid counting resolved\n alerts as active. Also added a new alertmanager_marked_alerts\n metric that retain the old behavior\n * Trim contents of Slack API URLs when reading from files\n * amtool: Avoid panic when the label value matcher is empty\n * Fail configuration loading if api_url is empty for OpsGenie\n * Fix email template for resolved notifications\n * Add proxy_url support for OAuth2 in HTTP client configuration\n * Reload TLS certificate and key from disk when updated\n * Add Discord integration\n * Add Webex integration\n * Add min_version support to select the minimum TLS version in\n HTTP client configuration\n * Add max_version support to select the maximum TLS version in\n * Emit warning logs when truncating messages in notifications\n * Support HEAD method for the /-/healty and /-/ready endpoints\n * Add support for reading global and local SMTP passwords from\n files\n * UI: Add 'Link' button to alerts in list\n * UI: Allow to choose the first day of the week as Sunday or\n Monday\n- Update to version 0.24.0:\n https://github.com/prometheus/alertmanager/releases/tag/v0.24.0\n * Fix HTTP client configuration for the SNS receiver\n * Fix unclosed file descriptor after reading the silences\n snapshot file\n * Fix field names for mute_time_intervals in JSON marshaling\n * Ensure that the root route doesn't have any matchers\n * Truncate the message's title to 1024 chars to avoid hitting\n Slack limits\n * Fix the default HTML email template (email.default.html) to\n match with the canonical source\n * Detect SNS FIFO topic based on the rendered value\n * Avoid deleting and recreating a silence when an update is\n possible\n * api/v2: Return 200 OK when deleting an expired silence\n * amtool: Fix the silence's end date when adding a silence. The\n end date is (start date + duration) while it used to be\n (current time + duration). The new behavior is consistent with\n the update operation\n * Add the /api/v2 prefix to all endpoints in the OpenAPI\n specification and generated client code\n * Add --cluster.tls-config experimental flag to secure cluster\n traffic via mutual TLS\n * Add Telegram integration\n- CVE-2022-46146: Prevent authentication bypass via cache poisoning (bsc#1208051)\n- Do not include sources (bsc#1200725)\n\ngolang-github-prometheus-node_exporter:\n\n- Remove node_exporter-1.5.0.tar.gz\n- Execute tar and recompress service modules at buildtime\n- Update to 1.5.0 (jsc#PED-3578):\n * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the\n concurrency of the exporter to 1 CPU thread at a time in order to avoid a\n race condition problem in the Linux kernel (#2500) and parallel IO issues\n on nodes with high numbers of CPUs/CPU threads (#1880).\n * [CHANGE] Default GOMAXPROCS to 1 #2530\n * [FEATURE] Add multiple listeners and systemd socket listener activation #2393\n * [ENHANCEMENT] Add RTNL version of netclass collector #2492, #2528\n * [BUGFIX] Fix hwmon label sanitizer #2504\n * [BUGFIX] Use native endianness when encoding InetDiagMsg #2508\n * [BUGFIX] Fix btrfs device stats always being zero #2516\n- Update to 1.4.1:\n * [BUGFIX] Fix diskstats exclude flags #2487\n * [SECURITY] CVE-2022-27191, CVE-2022-27664: Update go/x/crypto and go/x/net (bsc#1197284, bsc#1203185)\n * [SECURITY] CVE-2022-46146: Update exporter-toolkit (bsc#1208064)\n- Update to 1.4.0:\n * [CHANGE] Merge metrics descriptions in textfile collector #2475\n * [FEATURE] [node-mixin] Add darwin dashboard to mixin #2351\n * [FEATURE] Add 'isolated' metric on cpu collector on linux #2251\n * [FEATURE] Add cgroup summary collector #2408\n * [FEATURE] Add selinux collector #2205\n * [FEATURE] Add slab info collector #2376\n * [FEATURE] Add sysctl collector #2425\n * [FEATURE] Also track the CPU Spin time for OpenBSD systems #1971\n * [FEATURE] Add support for MacOS version #2471\n * [ENHANCEMENT] [node-mixin] Add missing selectors #2426\n * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default #2281\n * [ENHANCEMENT] [node-mixin] Change disk graph to disk table #2364\n * [ENHANCEMENT] [node-mixin] Change io time units to %util #2375\n * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd #2266\n * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin #2240\n * [ENHANCEMENT] Add device filter flags to arp collector #2254\n * [ENHANCEMENT] Add diskstats include and exclude device flags #2417\n * [ENHANCEMENT] Add node_softirqs_total metric #2221\n * [ENHANCEMENT] Add rapl zone name label option #2401\n * [ENHANCEMENT] Add slabinfo collector #1799\n * [ENHANCEMENT] Allow user to select port on NTP server to query #2270\n * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev #2404\n * [ENHANCEMENT] Enable builds against older macOS SDK #2327\n * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name #2432\n * [ENHANCEMENT] systemd: Expose systemd minor version #2282\n * [ENHANCEMENT] Use netlink for tcpstat collector #2322\n * [ENHANCEMENT] Use netlink to get netdev stats #2074\n * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles #2191\n * [ENHANCEMENT] Add btrfs device error stats #2193\n * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning #2352\n * [BUGFIX] Fix concurrency issue in ethtool collector #2289\n * [BUGFIX] Fix concurrency issue in netdev collector #2267\n * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes #2311\n * [BUGFIX] Fix iostat on macos broken by deprecation warning #2292\n * [BUGFIX] Fix NodeFileDescriptorLimit alerts #2340\n * [BUGFIX] Sanitize rapl zone names #2299\n * [BUGFIX] Add file descriptor close safely in test #2447\n * [BUGFIX] Fix race condition in os_release.go #2454\n * [BUGFIX] Skip ZFS IO metrics if their paths are missing #2451\n- BuildRequire go1.18 OR HIGHER (previously this was fixed to 1.14)\n- Update to 1.3.1\n * [BUGFIX] Handle nil CPU thermal power status on M1 #2218\n * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE. #2227\n * [BUGFIX] Sanitize UTF-8 in dmi collector #2229\n- Exclude s390 arch.\n- Update spec file in order to make --version work (bsc#1196652)\n\ngolang-github-prometheus-prometheus:\n\n- Update to 2.45.0 (jsc#PED-5406):\n * [FEATURE] API: New limit parameter to limit the number of items\n returned by `/api/v1/status/tsdb` endpoint. \n * [FEATURE] Config: Add limits to global config. \n * [FEATURE] Consul SD: Added support for `path_prefix`. \n * [FEATURE] Native histograms: Add option to scrape both classic\n and native histograms. \n * [FEATURE] Native histograms: Added support for two more\n arithmetic operators `avg_over_time` and `sum_over_time`.\n * [FEATURE] Promtool: When providing the block id, only one block\n will be loaded and analyzed. \n * [FEATURE] Remote-write: New Azure ad configuration to support\n remote writing directly to Azure Monitor workspace. \n * [FEATURE] TSDB: Samples per chunk are now configurable with\n flag `storage.tsdb.samples-per-chunk`. By default set to its\n former value 120. \n * [ENHANCEMENT] Native histograms: bucket size can now be limited\n to avoid scrape fails. \n * [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL\n sooner. \n * [BUGFIX] Native histograms: ChunkSeries iterator now checks if\n a new sample can be appended to the open chunk. \n * [BUGFIX] Native histograms: Fix Histogram Appender\n `Appendable()` segfault. \n * [BUGFIX] Native histograms: Fix setting reset header to gauge\n histograms in seriesToChunkEncoder. \n * [BUGFIX] TSDB: Tombstone intervals are not modified after Get()\n call. \n * [BUGFIX] TSDB: Use path/filepath to set the WAL directory.\n- Update to 2.44.0:\n * [FEATURE] Remote-read: Handle native histograms. \n * [FEATURE] Promtool: Health and readiness check of prometheus\n server in CLI. \n * [FEATURE] PromQL: Add `query_samples_total` metric, the total\n number of samples loaded by all queries.\n * [ENHANCEMENT] Storage: Optimise buffer used to iterate through\n samples.\n * [ENHANCEMENT] Scrape: Reduce memory allocations on target\n labels.\n * [ENHANCEMENT] PromQL: Use faster heap method for `topk()` /\n `bottomk()`.\n * [ENHANCEMENT] Rules API: Allow filtering by rule name.\n * [ENHANCEMENT] Native Histograms: Various fixes and\n improvements.\n * [ENHANCEMENT] UI: Search of scraping pools is now\n case-insensitive.\n * [ENHANCEMENT] TSDB: Add an affirmative log message for\n successful WAL repair.\n * [BUGFIX] TSDB: Block compaction failed when shutting down.\n * [BUGFIX] TSDB: Out-of-order chunks could be ignored if the\n write-behind log was deleted.\n- Update to 2.43.1\n * [BUGFIX] Labels: Set() after Del() would be ignored, which\n broke some relabeling rules.\n- Update to 2.43.0:\n * [FEATURE] Promtool: Add HTTP client configuration to query\n commands.\n * [FEATURE] Scrape: Add `include_scrape_configs` to include\n scrape configs from different files.\n * [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from\n proxied requests.\n * [FEATURE] HTTP client: Add `proxy_from_enviroment` to read\n proxies from env variables.\n * [ENHANCEMENT] API: Add support for setting lookback delta per\n query via the API.\n * [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499\n if a request is canceled.\n * [ENHANCEMENT] Scrape: Allow exemplars for all metric types.\n * [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders\n size.\n * [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot\n with index that is ahead of WAL.\n * [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to\n be more comprehensible.\n * [ENHANCEMENT] UI: Scope `group by` labels to metric in\n autocompletion.\n * [BUGFIX] Scrape: Fix\n `prometheus_target_scrape_pool_target_limit` metric not set\n before reloading.\n * [BUGFIX] TSDB: Correctly update\n `prometheus_tsdb_head_chunks_removed_total` and\n `prometheus_tsdb_head_chunks` metrics when reading WAL.\n * [BUGFIX] TSDB: Use the correct unit (seconds) when recording\n out-of-order append deltas in the\n `prometheus_tsdb_sample_ooo_delta` metric.\n- Update to 2.42.0:\n This release comes with a bunch of feature coverage for native\n histograms and breaking changes.\n If you are trying native histograms already, we recommend you\n remove the `wal` directory when upgrading.\n Because the old WAL record for native histograms is not\n backward compatible in v2.42.0, this will lead to some data\n loss for the latest data.\n Additionally, if you scrape 'float histograms' or use recording\n rules on native histograms in v2.42.0 (which writes float\n histograms), it is a one-way street since older versions do not\n support float histograms.\n * [CHANGE] **breaking** TSDB: Changed WAL record format for the\n experimental native histograms.\n * [FEATURE] Add 'keep_firing_for' field to alerting rules.\n * [FEATURE] Promtool: Add support of selecting timeseries for\n TSDB dump.\n * [ENHANCEMENT] Agent: Native histogram support.\n * [ENHANCEMENT] Rules: Support native histograms in recording\n rules.\n * [ENHANCEMENT] SD: Add container ID as a meta label for pod\n targets for Kubernetes.\n * [ENHANCEMENT] SD: Add VM size label to azure service\n discovery.\n * [ENHANCEMENT] Support native histograms in federation.\n * [ENHANCEMENT] TSDB: Add gauge histogram support.\n * [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that\n represents buckets as float64 values.\n * [ENHANCEMENT] UI: Show individual scrape pools on /targets\n page.\n- Update to 2.41.0:\n * [FEATURE] Relabeling: Add keepequal and dropequal relabel\n actions.\n * [FEATURE] Add support for HTTP proxy headers. \n * [ENHANCEMENT] Reload private certificates when changed on disk.\n * [ENHANCEMENT] Add max_version to specify maximum TLS version in\n tls_config.\n * [ENHANCEMENT] Add goos and goarch labels to\n prometheus_build_info.\n * [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.\n * [ENHANCEMENT] SD: Add new metric\n prometheus_sd_file_watcher_errors_total.\n * [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.\n * [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in\n iterators.\n * [ENHANCEMENT] TSDB: Optimize postings offset table reading.\n * [BUGFIX] Scrape: Validate the metric name, label names, and\n label values after relabeling.\n * [BUGFIX] Remote Write receiver and rule manager: Fix error\n handling.\n- Update to 2.40.7:\n * [BUGFIX] TSDB: Fix queries involving negative buckets of native\n histograms.\n- Update to 2.40.5:\n * [BUGFIX] TSDB: Fix queries involving native histograms due to\n improper reset of iterators.\n- Update to 2.40.3:\n * [BUGFIX] TSDB: Fix compaction after a deletion is called.\n- Update to 2.40.2:\n * [BUGFIX] UI: Fix black-on-black metric name color in dark mode.\n- Update to 2.40.1:\n * [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit\n architecture.\n * [BUGFIX] Scrape: Fix accept headers.\n- Update to 2.40.0:\n * [FEATURE] Add experimental support for native histograms.\n Enable with the flag --enable-feature=native-histograms.\n * [FEATURE] SD: Add service discovery for OVHcloud.\n * [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.\n * [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved\n sorting speed.\n * [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds\n __meta_consul_partition label. Adds partition config in\n consul_sd_config.\n * [BUGFIX] API: Fix API error codes for /api/v1/labels and\n /api/v1/series.\n- Update to 2.39.1:\n * [BUGFIX] Rules: Fix notifier relabel changing the labels on\n active alerts.\n- Update to 2.39.0:\n * [FEATURE] experimental TSDB: Add support for ingesting\n out-of-order samples. This is configured via\n out_of_order_time_window field in the config file; check config\n file docs for more info.\n * [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also\n respond to a HEAD request on top of existing GET support.\n * [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.\n * [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.\n * [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region\n label.\n * [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.\n * [ENHANCEMENT] TSDB: Improve WAL replay timings.\n * [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary\n data in the memory.\n * [ENHANCEMENT] TSDB: Allow overlapping blocks by default.\n --storage.tsdb.allow-overlapping-blocks now has no effect.\n * [ENHANCEMENT] UI: Click to copy label-value pair from query\n result to clipboard.\n * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a\n memory leak.\n * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus\n startup.\n * [BUGFIX] PromQL: Properly close file descriptor when logging\n unfinished queries.\n * [BUGFIX] Agent: Fix validation of flag options and prevent WAL\n from growing more than desired.\n- Update to 2.38.0:\n * [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint\n that allows pretty-formatting PromQL expressions.\n * [FEATURE]: UI: Add support for formatting PromQL expressions in\n the UI.\n * [FEATURE]: DNS SD: Support MX records for discovering targets.\n * [FEATURE]: Templates: Add toTime() template function that\n allows converting sample timestamps to Go time.Time values.\n * [ENHANCEMENT]: Kubernetes SD: Add\n __meta_kubernetes_service_port_number meta label indicating the\n service port number.\n __meta_kubernetes_pod_container_image meta label indicating the\n container image.\n * [ENHANCEMENT]: PromQL: When a query panics, also log the query\n itself alongside the panic message.\n * [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve\n the contrast ratio.\n * [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding\n locks and using atomic types instead.\n * [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature\n flag, which omits or removes any default HTTP (:80) or HTTPS\n (:443) ports in the target's scrape address.\n * [BUGFIX]: TSDB: In the WAL watcher metrics, expose the\n type='exemplar' label instead of type='unknown' for exemplar\n records.\n * [BUGFIX]: TSDB: Fix race condition around allocating series IDs\n during chunk snapshot loading.\n- Remove npm_licenses.tar.bz2 during 'make clean'\n- Remove web-ui archives during 'make clean'.\n- Require promu >= 0.14.0 for building\n- Upgrade to version 2.37.6\n * Require Go 1.19\n- Upgrade to version 2.37.5\n * [SECURITY] Security upgrade from go and upstream dependencies\n that include security fixes to the net/http and os packages.\n- Upgrade to version 2.37.4\n * [SECURITY] CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)\n- Upgrade to version 2.37.3\n * [BUGFIX] CVE-2022-41715: Update our regexp library to fix upstream vulnerability (bnc#1204023)\n * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a\n memory leak.\n- Upgrade to version 2.37.2\n * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus\n startup.\n * [BUGFIX] Agent: Fix validation of flag options and prevent WAL\n from growing more than desired.\n- Upgrade to version 2.37.1\n * [BUGFIX] Properly close file descriptor when logging unfinished\n queries.\n * [BUGFIX] TSDB: In the WAL watcher metrics, expose the\n- Upgrade to version 2.37.0\n * [FEATURE] Nomad SD: New service discovery for Nomad built-in\n service discovery.\n * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for\n endpoint role.\n * [ENHANCEMENT] PromQL: Optimise creation of signature\n with/without labels.\n * [ENHANCEMENT] TSDB: Memory optimizations.\n * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.\n * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent\n header.\n * [BUGFIX] Alerting: Fix Alertmanager targets not being updated\n when alerts were queued.\n * [BUGFIX] Hetzner SD: Make authentication files relative to\n Prometheus config file.\n * [BUGFIX] Promtool: Fix promtool check config not erroring\n properly on failures.\n * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on\n reloads.\n * [BUGFIX] TSDB: Don't increment\n prometheus_tsdb_compactions_failed_total when context is\n canceled.\n * [BUGFIX] TSDB: Fix panic if series is not found when deleting\n series.\n * [BUGFIX] TSDB: Increase\n prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence\n errors.\n * [BUGFIX] Uyuni SD: Make authentication files relative to\n Prometheus configuration file and fix default configuration\n values.\n- Upgrade to version 2.36.2\n * [BUGFIX] Fix serving of static assets like fonts and favicon.\n- Upgrade to version 2.36.1\n * [BUGFIX] promtool: Add --lint-fatal option.\n- Upgrade to version 2.36.0\n * [FEATURE] Add lowercase and uppercase relabel action.\n * [FEATURE] SD: Add IONOS Cloud integration.\n * [FEATURE] SD: Add Vultr integration.\n * [FEATURE] SD: Add Linode SD failure count metric.\n * [FEATURE] Add prometheus_ready metric.\n * [ENHANCEMENT] Add stripDomain to template function.\n * [ENHANCEMENT] UI: Enable active search through dropped targets.\n * [ENHANCEMENT] promtool: support matchers when querying label\n * [ENHANCEMENT] Add agent mode identifier.\n * [BUGFIX] Changing TotalQueryableSamples from int to int64.\n * [BUGFIX] tsdb/agent: Ignore duplicate exemplars.\n * [BUGFIX] TSDB: Fix chunk overflow appending samples at a\n variable rate.\n * [BUGFIX] Stop rule manager before TSDB is stopped.\n- Upgrade to version 2.35.0\n * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.\n * [CHANGE] promtool: Add new flag --lint (enabled by default) for\n the commands check rules and check config, resulting in a new\n exit code (3) for linter errors.\n * [FEATURE] Support for automatically setting the variable\n GOMAXPROCS to the container CPU limit. Enable with the flag\n --enable-feature=auto-gomaxprocs.\n * [FEATURE] PromQL: Extend statistics with total and peak number\n of samples in a query. Additionally, per-step statistics are\n available with --enable-feature=promql-per-step-stats and using\n stats=all in the query API. Enable with the flag\n --enable-feature=per-step-stats.\n * [ENHANCEMENT] TSDB: more efficient sorting of postings read from\n WAL at startup.\n * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.\n * [ENHANCEMENT] Azure SD: Add an optional resource_group\n configuration.\n * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1\n EndpointSlice (previously only discovery.k8s.io/v1beta1\n EndpointSlice was supported).\n * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to\n discovered pods.\n * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch\n OAuth2 tokens.\n * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.\n * [ENHANCEMENT] Config: Support overriding minimum TLS version.\n * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.\n * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels\n correctly.\n * [BUGFIX] UI: Fix scrape interval and duration tooltip not\n showing on target page.\n * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is\n false.\n * [BUGFIX] Agent: Fix ID collision when loading a WAL with\n multiple segments.\n * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing\n the queue.\n- Upgrade to version 2.34.0\n * [CHANGE] UI: Classic UI removed.\n * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based\n tracing.\n * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and\n allow configuration with the experimental flag\n --storage.tsdb.head-chunks-write-queue-size.\n * [ENHANCEMENT] HTTP SD: Add a failure counter.\n * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.\n * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.\n * [ENHANCEMENT] Scrape: Log when an invalid media type is\n encountered during a scrape.\n * [ENHANCEMENT] Scrape: Accept\n application/openmetrics-text;version=1.0.0 in addition to\n version=0.0.1.\n * [ENHANCEMENT] Remote-read: Add an option to not use external\n labels as selectors for remote read.\n * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.\n * [ENHANCEMENT] UI: Improve graph colors that were hard to see.\n * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using\n environment variables with external labels.\n * [BUGFIX] PromQL: Properly return an error from\n histogram_quantile when metrics have the same labelset.\n * [BUGFIX] UI: Fix bug that sets the range input to the\n resolution.\n * [BUGFIX] TSDB: Fix a query panic when\n memory-snapshot-on-shutdown is enabled.\n * [BUGFIX] Parser: Specify type in metadata parser errors.\n * [BUGFIX] Scrape: Fix label limit changes not applying.\n- Upgrade to version 2.33.5\n * [BUGFIX] Remote-write: Fix deadlock between adding to queue and\n getting batch.\n- Upgrade to version 2.33.4\n * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the\n disk.\n- Upgrade to version 2.33.3\n * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't\n set.\n- Upgrade to version 2.33.2\n * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.\n * [BUGFIX] Remote-write: Fix deadlock when stopping a shard.\n- Upgrade to version 2.33.1\n * [BUGFIX] SD: Fix no such file or directory in K8s SD when not\n running inside K8s.\n- Upgrade to version 2.33.0\n * [CHANGE] PromQL: Promote negative offset and @ modifer to stable\n features.\n * [CHANGE] Web: Promote remote-write-receiver to stable.\n * [FEATURE] Config: Add stripPort template function.\n * [FEATURE] Promtool: Add cardinality analysis to check metrics,\n enabled by flag --extended.\n * [FEATURE] SD: Enable target discovery in own K8s namespace.\n * [FEATURE] SD: Add provider ID label in K8s SD.\n * [FEATURE] Web: Add limit field to the rules API.\n * [ENHANCEMENT] Remote-write: Avoid allocations by buffering\n concrete structs instead of interfaces.\n * [ENHANCEMENT] Remote-write: Log time series details for\n out-of-order samples in remote write receiver.\n * [ENHANCEMENT] Remote-write: Shard up more when backlogged.\n * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar\n ingest performance.\n * [ENHANCEMENT] TSDB: Avoid allocations when popping from the\n intersected postings heap.\n * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding\n latency spikes in remote-write.\n * [ENHANCEMENT] TSDB: Improve label matching performance.\n * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.\n * [ENHANCEMENT] UI: Optimize the target page and add a search bar.\n * [BUGFIX] Promtool: Make exit codes more consistent.\n * [BUGFIX] Promtool: Fix flakiness of rule testing.\n * [BUGFIX] Remote-write: Update\n prometheus_remote_storage_queue_highest_sent_timestamp_seconds\n metric when write irrecoverably fails.\n * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.\n * [BUGFIX] TSDB: CompactBlockMetas should produce correct\n mint/maxt for overlapping blocks.\n * [BUGFIX] TSDB: Fix logging of exemplar storage size.\n * [BUGFIX] UI: Fix overlapping click targets for the alert state\n checkboxes.\n * [BUGFIX] UI: Fix Unhealthy filter on target page to actually\n display only Unhealthy targets.\n * [BUGFIX] UI: Fix autocompletion when expression is empty.\n * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.\n- CVE-2022-46146: Fix authentication bypass by updating Prometheus Exporter Toolkit\n to version 0.7.3 (bsc#1208049)\n- CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to version\n 1.20.1 (bsc#1208298)\n\ngolang-github-prometheus-promu:\n\n- Always set user and host build metadata to constant string to\n achieve reproducible builds (compare reproducible-builds.org)\n- Add 0001-do_not_discover_user_host_for_reproducible_builds.patch\n- Require Go >= 1.19 for building\n- Require Go >= 1.18 for building Red Hat packages\n- Update to version 0.14.0 (jsc#PED-3576):\n * Add the ability to override tags per GOOS\n * Remove ioutil\n * Update common Prometheus files (#232) (#224)\n * Validate environment variable value\n * Set build date from SOURCE_DATE_EPOCH\n- Update to Go 1.18\n- Exclude s390 architecture.\n- Set build date from last changelog modification (bsc#1047218)\n- Adapted for Enterprise Linux build.\n- Build requires Go 1.15\n * Make extldflags extensible by configuration. #125\n * Avoid bind-mounting to allow building with a remote docker engine #95\n- Update to 0.2.0\n + Features:\n * Adding changes to support s390x\n * Add option to disable static linking\n * Add support for 32bit MIPS.\n * Added check_licenses Command to Promu\n + Enhancements:\n * Allow to customize nested options via env variables\n * Bump Go version to 1.11\n * Add warning if promu info is unable to determine repo info\n + Bug Fixes:\n * Fix build on SmartOS by not setting gcc's -static flag\n * Fix git repository url parsing\n- Update to 0.1.0\n- Initial version\n\ngrafana:\n\n- Update to version 9.5.8:\n * Please, check the release notes for further details.\n * Security fixes provided in this and previous versions:\n * CVE-2023-3128: Authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694)\n * CVE-2023-2801: Prevent crash while executing concurrent mixed queries (bsc#1212099)\n * CVE-2023-2183: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100)\n * CVE-2023-1387: JWT URL-login flow leaks token to data sources through request parameter in proxy \n requests (bsc#1210907, jsc#PED-3694)\n * CVE-2023-1410: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)\n * CVE-2020-7753: Regular Expression Denial of Service (ReDoS) in trim function (bsc#1218843)\n * CVE-2021-3807: Regular expressionDdenial of Service (ReDoS) matching ANSI escape codes (bsc#1192154)\n * CVE-2021-3918: Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696)\n * CVE-2021-43138: A malicious user can obtain privileges via the mapValues() method (bsc#1200480)\n * CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor (bsc#1218844)\n * CVE-2022-31107: OAuth account takeover (bsc#1201539)\n * CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)\n * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)\n * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)\n * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)\n * CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to \n version 0.7.3 (bsc#1208065)\n * CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)\n * CVE-2022-23552: SVG: Add dompurify preprocessor step (bsc#1207749)\n * CVE-2022-39324: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)\n * CVE-2022-39306: Fix for privilege escalation (bsc#1205225)\n * CVE-2022-39307: Omit error from http response when user does not\n exists (bsc#1205227)\n * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)\n * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)\n * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)\n * CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)\n * CVE-2022-36062: RBAC folders/dashboards privilege escalation (bsc#1203596, jsc#PED-2145)\n * CVE-2022-35957: Escalation from admin to server admin when auth proxy is used (bsc#1203597, jsc#PED-2145)\n * CVE-2022-31107: OAuth account takeover (bsc#1201539)\n * CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)\n * CVE-2022-29170: Request security bypass via malicious redirect (bsc#1199810)\n * CVE-2022-31097: XSS vulnerability in the Unified Alerting (bsc#1201535)\n * CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)\n * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)\n * CVE-2022-21703: Cross-origin request forgery vulnerability (bsc#1195727)\n * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)\n * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)\n * CVE-2021-43813: Directory traversal vulnerability for .md files (bsc#1193688)\n * CVE-2021-43815: Directory traversal for .csv files (bsc#1193686)\n * CVE-2021-43798: arbitrary file read in the graph native plugin (bsc#1193492)\n * CVE-2021-43798: Arbitrary file read in the graph native plugin (bsc#1193492)\n * CVE-2021-41244: Grafana 8.2.4 released with security fixes (bsc#1192763)\n * Security: Fixes CVE-2021-41174, bsc#1192383.\n * Security: Update dependencies to fix CVE-2021-36222, bsc#1188571.\n\nkiwi-desc-saltboot:\n\n- Update to version 0.1.1687520761.cefb248\n * Add osimage cert package to bootstrap for\n SUSE Linux Enterprise 12 images (bsc#1204089)\n- Update to version 0.1.1673279145.e7616bd\n * Add failsafe stop file when salt-minion does not stop (bsc#1172110)\n- Update to version 0.1.1661440542.6cbe0da\n * Use standard susemanager.conf\n * Use salt bundle\n * Add support fo VirtIO disks\n\nmgr-push:\n\n- Version 5.0.1-1\n * Bump version to 5.0.0\n- Version 4.4.6-1\n * Remove unused makefiles\n- Version 4.4.5-1\n * Use http to connect to localhost server\n * Use bundle CA certificate in rhnpush\n- Version 4.4.4-1\n * remove pylint check at build time\n- Version 4.4.3-1\n * Ensure installation of make for building\n- Version 4.4.2-1\n * Update translation strings\n- Version 4.4.1-1\n * Bump version to 4.4.0\n\nprometheus-blackbox_exporter:\n\n- Use obscpio for go modules service\n- Set version number\n- Set build date from SOURCE_DATE_EPOCH\n- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)\n * Requires go1.19\n- Avoid empty validation script\n- Add rc symlink for backwards compatibility\n- Fix authentication bypass via cache poisoning\n (CVE-2022-46146, bsc#1208062)\n- Add `min_version` parameter of `tls_config` to allow enabling\n TLS 1.0 and 1.1 (bsc#1209113)\n- On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)\n- Build with go1.18 only for SLE-15-SP3 and \n build with >= go1.19 on higher SP (bsc#1203599)\n- Require go1.18 (bsc#1203599, GH#19127)\n- Exclude s390 arch\n- Fix %pre section to avoid empty content\n- Updated to allow building on older rpmbuild.\n- Enhanced to build on Enterprise Linux 8\n\nprometheus-postgres_exporter:\n\n- Remove duplicated call to systemd requirements\n- Do not build debug if RHEL >= 8\n- Do not strip if SUSE Linux Enterprise 15 SP3\n- Build at least with with Go >= 1.18 on RHEL\n- Build with Go >= 1.20 elsewhere\n- Adapt the systemd service security configuration\n to be able to start it on RHEL systems and clones\n- Create the prometheus user for RHEL systems and clones\n- Add 0001-Update-prometheus-exporter-toolkit-to-0.7.3.patch\n * Fix authentication bypass via cache poisoning\n (CVE-2022-46146, bsc#1208060)\n- Fix _service to pull correct version\n- Use go_modules source service\n- Upgrade to version 0.10.1:\n * Fix broken log-level for values other than debug (bsc#1208965)\n- Version/release lines above first usage of those macros.\n gh#uyuni-project/uyuni#5418\n- Prevent empty %pre section\n- Exclude s390 builds \n- Updated for RHEL8.\n\npython-hwdata:\n\n- Declare the LICENSE file as license and not doc\n\nrhnlib:\n\n- Version 5.0.1-1\n * Specify a packager for Debian like distros\n- Version 4.4.6-1\n * Remove unused makefiles\n- Version 4.4.5-1\n * Use bundle CA certificate in rhnpush\n- Version 4.4.4-1\n * Only use TLSv1+ for SSL connections\n- Version 4.4.3-1\n * Ensure installation of make for building\n- Version 4.4.2-1\n * Don't get stuck at the end of SSL transfers (bsc#1204032)\n- Version 4.4.1-1\n * Bump version to 4.4.0\n\nspacecmd:\n\n- Version 5.0.1-1\n * Use localhost without ssl when running on the server\n- Version 4.4.10-1\n * Update translation strings\n- Version 4.4.9-1\n- Version 4.4.8-1\n * Add spacecmd function: cryptokey_update\n * Bypass traditional systems check on older SUMA instances (bsc#1208612)\n * fix argument parsing of distribution_update (bsc#1210458)\n- Version 4.4.7-1\n * remove pylint check at build time\n * Display activation key details after executing the corresponding command (bsc#1208719)\n * Show targetted packages before actually removing them (bsc#1207830)\n- Version 4.4.6-1\n * Fix spacecmd not showing any output for softwarechannel_diff \n and softwarechannel_errata_diff (bsc#1207352)\n- Version 4.4.5-1\n * Prevent string api parameters to be parsed as dates if not in\n ISO-8601 format (bsc#1205759)\n * Add python-dateutil dependency, required to process date values in\n spacecmd api calls\n * Remove python3-simplejson dependency\n- Version 4.4.4-1\n * Correctly understand 'ssm' keyword on scap scheduling\n * Add vendor_advisory information to errata_details call (bsc#1205207)\n * Change default port of 'Containerized Proxy configuration' 8022\n- Version 4.4.3-1\n * Added two missing options to schedule product migration: allow-vendor-change\n and remove-products-without-successor (bsc#1204126)\n * Changed schedule product migration to use the correct API method\n * Fix dict_keys not supporting indexing in systems_setconfigchannelorger\n * Added a warning message for traditional stack deprecation\n * Remove 'Undefined return code' from debug messages (bsc#1203283)\n- Version 4.4.2-1\n * Stop always showing help for valid proxy_container_config calls\n- Version 4.4.1-1\n * Process date values in spacecmd api calls (bsc#1198903)\n * Improve Proxy FQDN hint message\n- Version 4.3.14-1\n * Fix missing argument on system_listmigrationtargets (bsc#1201003)\n * Show correct help on calling kickstart_importjson with no arguments\n * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)\n * Change proxy container config default filename to end with tar.gz\n- Version 4.3.13-1\n * Update translation strings\n- Version 4.3.12-1\n * Update translation strings\n- Version 4.3.11-1\n * on full system update call schedulePackageUpdate API (bsc#1197507)\n\nspacewalk-client-tools:\n\n- Version 5.0.1-1\n * Bump version to 5.0.0\n- Version 4.4.7-1\n * Remove unused and deprecated/removed platform.dist import.\n- Version 4.4.6-1\n * Update translation strings\n * Tito requires to list the package source as %{name}-%{version}.tar.gz\n- Version 4.4.5-1\n * remove mgr-virtualization usage\n * remove dependency to suseRegisterInfo\n- Version 4.4.4-1\n * Update translation strings\n- Version 4.4.3-1\n * Update translation strings\n- Version 4.4.2-1\n * Update translation strings\n- Version 4.4.1-1\n * Update translation strings\n- Version 4.3.11-1\n * Update translation strings\n- Version 4.3.10-1\n\nsupportutils-plugin-salt:\n\n- Update to version 1.2.2\n * Remove possible passwords from Salt configuration files (bsc#1201059)\n- Update to version 1.2.1\n * Remove ERROR messages on Salt client systems\n- Declare the LICENSE file as license and not doc\n- Update to version 1.2.0\n * Add support for Salt Bundle\n\nsupportutils-plugin-susemanager-client:\n\n- Version 5.0.1-1\n * Bump version to 5.0.0\n- Version 4.4.2-1\n * write configured crypto-policy in supportconfig\n * add cloud and payg checks\n- Version 4.4.1-1\n * Bump version to 4.4.0\n- Version 4.3.2-1\n * Add proxy containers config and logs\n\nuyuni-common-libs:\n\n- Version 5.0.1-1\n * Bump version to 5.0.0\n- Version 4.4.4-1\n * Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692)\n * Accept missing rhn.conf file\n * Use context manager for apache users in fileutils.py.\n- Version 4.4.3-1\n * Ensure installation of make for building.\n * Use versioned Python during packaging.\n- Version 4.4.2-1\n * unify user notification code on java side\n- Version 4.4.1-1\n * Do not allow creating path if nonexistent user or group in fileutils.\n- Version 4.3.5-1\n * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-191,SUSE-SLE-Manager-Tools-12-BETA-2024-191", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0191-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:0191-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20240191-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:0191-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html", }, { category: "self", summary: "SUSE Bug 1047218", url: "https://bugzilla.suse.com/1047218", }, { category: "self", summary: "SUSE Bug 1172110", url: "https://bugzilla.suse.com/1172110", }, { category: "self", summary: "SUSE Bug 1188571", url: "https://bugzilla.suse.com/1188571", }, { category: "self", summary: "SUSE Bug 1189520", url: "https://bugzilla.suse.com/1189520", }, { category: "self", summary: "SUSE Bug 1191454", url: "https://bugzilla.suse.com/1191454", }, { category: "self", summary: "SUSE Bug 1192154", url: "https://bugzilla.suse.com/1192154", }, { category: "self", summary: "SUSE Bug 1192383", url: "https://bugzilla.suse.com/1192383", }, { category: "self", summary: "SUSE Bug 1192696", url: "https://bugzilla.suse.com/1192696", }, { category: "self", summary: "SUSE Bug 1192763", url: "https://bugzilla.suse.com/1192763", }, { category: "self", summary: "SUSE Bug 1193492", url: "https://bugzilla.suse.com/1193492", }, { category: "self", summary: "SUSE Bug 1193686", url: "https://bugzilla.suse.com/1193686", }, { category: "self", summary: "SUSE Bug 1193688", url: "https://bugzilla.suse.com/1193688", }, { category: "self", summary: "SUSE Bug 1194873", url: "https://bugzilla.suse.com/1194873", }, { category: "self", summary: "SUSE Bug 1195726", url: "https://bugzilla.suse.com/1195726", }, { category: "self", summary: "SUSE Bug 1195727", url: "https://bugzilla.suse.com/1195727", }, { category: "self", summary: "SUSE Bug 1195728", url: "https://bugzilla.suse.com/1195728", }, { category: "self", summary: "SUSE Bug 1196338", url: "https://bugzilla.suse.com/1196338", }, { category: "self", summary: "SUSE Bug 1196652", url: "https://bugzilla.suse.com/1196652", }, { category: "self", summary: "SUSE Bug 1197507", url: "https://bugzilla.suse.com/1197507", }, { category: "self", summary: "SUSE Bug 1198903", url: "https://bugzilla.suse.com/1198903", }, { category: "self", summary: "SUSE Bug 1199810", url: "https://bugzilla.suse.com/1199810", }, { category: "self", summary: "SUSE Bug 1200480", url: "https://bugzilla.suse.com/1200480", }, { category: "self", summary: "SUSE Bug 1200591", url: "https://bugzilla.suse.com/1200591", }, { category: "self", summary: "SUSE Bug 1200725", url: "https://bugzilla.suse.com/1200725", }, { category: "self", summary: "SUSE Bug 1201003", url: "https://bugzilla.suse.com/1201003", }, { category: "self", summary: "SUSE Bug 1201059", url: "https://bugzilla.suse.com/1201059", }, { category: "self", summary: "SUSE Bug 1201535", url: "https://bugzilla.suse.com/1201535", }, { category: "self", summary: "SUSE Bug 1201539", url: "https://bugzilla.suse.com/1201539", }, { category: "self", summary: "SUSE Bug 1203283", url: "https://bugzilla.suse.com/1203283", }, { category: "self", summary: "SUSE Bug 1203596", url: "https://bugzilla.suse.com/1203596", }, { category: "self", summary: "SUSE Bug 1203597", url: "https://bugzilla.suse.com/1203597", }, { category: "self", summary: "SUSE Bug 1203599", url: "https://bugzilla.suse.com/1203599", }, { category: "self", summary: "SUSE Bug 1204032", url: "https://bugzilla.suse.com/1204032", }, { category: "self", summary: "SUSE Bug 1204089", url: "https://bugzilla.suse.com/1204089", }, { category: "self", summary: "SUSE Bug 1204126", url: "https://bugzilla.suse.com/1204126", }, { category: "self", summary: "SUSE Bug 1204302", url: "https://bugzilla.suse.com/1204302", }, { category: "self", summary: "SUSE Bug 1204303", url: "https://bugzilla.suse.com/1204303", }, { category: "self", summary: "SUSE Bug 1204304", url: "https://bugzilla.suse.com/1204304", }, { category: "self", summary: "SUSE Bug 1204305", url: "https://bugzilla.suse.com/1204305", }, { category: "self", summary: "SUSE Bug 1204501", url: "https://bugzilla.suse.com/1204501", }, { category: "self", summary: "SUSE Bug 1205207", url: "https://bugzilla.suse.com/1205207", }, { category: "self", summary: "SUSE Bug 1205225", url: "https://bugzilla.suse.com/1205225", }, { category: "self", summary: "SUSE Bug 1205227", url: "https://bugzilla.suse.com/1205227", }, { category: "self", summary: "SUSE Bug 1205759", url: "https://bugzilla.suse.com/1205759", }, { category: "self", summary: "SUSE Bug 1207352", url: "https://bugzilla.suse.com/1207352", }, { category: "self", summary: "SUSE Bug 1207749", url: "https://bugzilla.suse.com/1207749", }, { category: "self", summary: "SUSE Bug 1207750", url: "https://bugzilla.suse.com/1207750", }, { category: "self", summary: "SUSE Bug 1207830", url: "https://bugzilla.suse.com/1207830", }, { category: "self", summary: "SUSE Bug 1208046", url: "https://bugzilla.suse.com/1208046", }, { category: "self", summary: "SUSE Bug 1208049", url: "https://bugzilla.suse.com/1208049", }, { category: "self", summary: "SUSE Bug 1208051", url: "https://bugzilla.suse.com/1208051", }, { category: "self", summary: "SUSE Bug 1208060", url: "https://bugzilla.suse.com/1208060", }, { category: "self", summary: "SUSE Bug 1208062", url: "https://bugzilla.suse.com/1208062", }, { category: "self", summary: "SUSE Bug 1208064", url: "https://bugzilla.suse.com/1208064", }, { category: "self", summary: "SUSE Bug 1208065", url: "https://bugzilla.suse.com/1208065", }, { category: "self", summary: "SUSE Bug 1208270", url: "https://bugzilla.suse.com/1208270", }, { category: "self", summary: "SUSE Bug 1208293", url: "https://bugzilla.suse.com/1208293", }, { category: "self", summary: "SUSE Bug 1208298", url: "https://bugzilla.suse.com/1208298", }, { category: "self", summary: "SUSE Bug 1208612", url: "https://bugzilla.suse.com/1208612", }, { category: "self", summary: "SUSE Bug 1208692", url: "https://bugzilla.suse.com/1208692", }, { category: "self", summary: "SUSE Bug 1208719", url: "https://bugzilla.suse.com/1208719", }, { category: "self", summary: "SUSE Bug 1208819", url: "https://bugzilla.suse.com/1208819", }, { category: "self", summary: "SUSE Bug 1208821", url: "https://bugzilla.suse.com/1208821", }, { category: "self", summary: "SUSE Bug 1208965", url: "https://bugzilla.suse.com/1208965", }, { category: "self", summary: "SUSE Bug 1209113", url: "https://bugzilla.suse.com/1209113", }, { category: "self", summary: "SUSE Bug 1209645", url: "https://bugzilla.suse.com/1209645", }, { category: "self", summary: "SUSE Bug 1210458", url: "https://bugzilla.suse.com/1210458", }, { category: "self", summary: "SUSE Bug 1210907", url: "https://bugzilla.suse.com/1210907", }, { category: "self", summary: "SUSE Bug 1211525", url: "https://bugzilla.suse.com/1211525", }, { category: "self", summary: "SUSE Bug 1212099", url: "https://bugzilla.suse.com/1212099", }, { category: "self", summary: "SUSE Bug 1212100", url: "https://bugzilla.suse.com/1212100", }, { category: "self", summary: "SUSE Bug 1212279", url: "https://bugzilla.suse.com/1212279", }, { category: "self", summary: "SUSE Bug 1212641", url: "https://bugzilla.suse.com/1212641", }, { category: "self", summary: "SUSE Bug 1218843", url: "https://bugzilla.suse.com/1218843", }, { category: "self", summary: "SUSE Bug 1218844", url: "https://bugzilla.suse.com/1218844", }, { category: "self", summary: "SUSE CVE CVE-2020-7753 page", url: "https://www.suse.com/security/cve/CVE-2020-7753/", }, { category: "self", summary: "SUSE CVE CVE-2021-36222 page", url: "https://www.suse.com/security/cve/CVE-2021-36222/", }, { category: "self", summary: "SUSE CVE CVE-2021-3711 page", url: "https://www.suse.com/security/cve/CVE-2021-3711/", }, { category: "self", summary: "SUSE CVE CVE-2021-3807 page", url: "https://www.suse.com/security/cve/CVE-2021-3807/", }, { category: "self", summary: "SUSE CVE CVE-2021-3918 page", url: "https://www.suse.com/security/cve/CVE-2021-3918/", }, { category: "self", summary: "SUSE CVE CVE-2021-39226 page", url: "https://www.suse.com/security/cve/CVE-2021-39226/", }, { category: "self", summary: "SUSE CVE CVE-2021-41174 page", url: "https://www.suse.com/security/cve/CVE-2021-41174/", }, { category: "self", summary: "SUSE CVE CVE-2021-41244 page", url: "https://www.suse.com/security/cve/CVE-2021-41244/", }, { category: "self", summary: "SUSE CVE CVE-2021-43138 page", url: "https://www.suse.com/security/cve/CVE-2021-43138/", }, { category: "self", summary: "SUSE CVE CVE-2021-43798 page", url: "https://www.suse.com/security/cve/CVE-2021-43798/", }, { category: "self", summary: "SUSE CVE CVE-2021-43813 page", url: "https://www.suse.com/security/cve/CVE-2021-43813/", }, { category: "self", summary: "SUSE CVE CVE-2021-43815 page", url: "https://www.suse.com/security/cve/CVE-2021-43815/", }, { category: "self", summary: "SUSE CVE CVE-2022-0155 page", url: "https://www.suse.com/security/cve/CVE-2022-0155/", }, { category: "self", summary: "SUSE CVE CVE-2022-21673 page", url: "https://www.suse.com/security/cve/CVE-2022-21673/", }, { category: "self", summary: "SUSE CVE CVE-2022-21698 page", url: "https://www.suse.com/security/cve/CVE-2022-21698/", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, { category: "self", summary: "SUSE CVE CVE-2022-23552 page", url: "https://www.suse.com/security/cve/CVE-2022-23552/", }, { category: "self", summary: "SUSE CVE CVE-2022-27191 page", url: "https://www.suse.com/security/cve/CVE-2022-27191/", }, { category: "self", summary: "SUSE CVE CVE-2022-27664 page", url: "https://www.suse.com/security/cve/CVE-2022-27664/", }, { category: "self", summary: "SUSE CVE CVE-2022-29170 page", url: "https://www.suse.com/security/cve/CVE-2022-29170/", }, { category: "self", summary: "SUSE CVE CVE-2022-31097 page", url: "https://www.suse.com/security/cve/CVE-2022-31097/", }, { category: "self", summary: "SUSE CVE CVE-2022-31107 page", url: "https://www.suse.com/security/cve/CVE-2022-31107/", }, { category: "self", summary: "SUSE CVE CVE-2022-31123 page", url: "https://www.suse.com/security/cve/CVE-2022-31123/", }, { category: "self", summary: "SUSE CVE CVE-2022-31130 page", url: "https://www.suse.com/security/cve/CVE-2022-31130/", }, { category: "self", summary: "SUSE CVE CVE-2022-32149 page", url: "https://www.suse.com/security/cve/CVE-2022-32149/", }, { category: "self", summary: "SUSE CVE CVE-2022-35957 page", url: "https://www.suse.com/security/cve/CVE-2022-35957/", }, { category: "self", summary: "SUSE CVE CVE-2022-36062 page", url: "https://www.suse.com/security/cve/CVE-2022-36062/", }, { category: "self", summary: "SUSE CVE CVE-2022-39201 page", url: "https://www.suse.com/security/cve/CVE-2022-39201/", }, { category: "self", summary: "SUSE CVE CVE-2022-39229 page", url: "https://www.suse.com/security/cve/CVE-2022-39229/", }, { category: "self", summary: "SUSE CVE CVE-2022-39306 page", url: "https://www.suse.com/security/cve/CVE-2022-39306/", }, { category: "self", summary: "SUSE CVE CVE-2022-39307 page", url: "https://www.suse.com/security/cve/CVE-2022-39307/", }, { category: "self", summary: "SUSE CVE CVE-2022-39324 page", url: "https://www.suse.com/security/cve/CVE-2022-39324/", }, { category: "self", summary: "SUSE CVE CVE-2022-41715 page", url: "https://www.suse.com/security/cve/CVE-2022-41715/", }, { category: "self", summary: "SUSE CVE CVE-2022-41723 page", url: "https://www.suse.com/security/cve/CVE-2022-41723/", }, { category: "self", summary: "SUSE CVE CVE-2022-46146 page", url: "https://www.suse.com/security/cve/CVE-2022-46146/", }, { category: "self", summary: "SUSE CVE CVE-2023-0507 page", url: "https://www.suse.com/security/cve/CVE-2023-0507/", }, { category: "self", summary: "SUSE CVE CVE-2023-0594 page", url: "https://www.suse.com/security/cve/CVE-2023-0594/", }, { category: "self", summary: "SUSE CVE CVE-2023-1387 page", url: "https://www.suse.com/security/cve/CVE-2023-1387/", }, { category: "self", summary: "SUSE CVE CVE-2023-1410 page", url: "https://www.suse.com/security/cve/CVE-2023-1410/", }, { category: "self", summary: "SUSE CVE CVE-2023-2183 page", url: "https://www.suse.com/security/cve/CVE-2023-2183/", }, { category: "self", summary: "SUSE CVE CVE-2023-2801 page", url: "https://www.suse.com/security/cve/CVE-2023-2801/", }, { category: "self", summary: "SUSE CVE CVE-2023-3128 page", url: "https://www.suse.com/security/cve/CVE-2023-3128/", }, { category: "self", summary: "SUSE CVE CVE-2023-40577 page", url: "https://www.suse.com/security/cve/CVE-2023-40577/", }, ], title: "Security Beta update for SUSE Manager Client Tools", tracking: { current_release_date: "2024-01-23T15:18:14Z", generator: { date: "2024-01-23T15:18:14Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:0191-1", initial_release_date: "2024-01-23T15:18:14Z", revision_history: [ { date: "2024-01-23T15:18:14Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", }, }, { category: "product_version", name: "golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", product: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", product_id: "golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", }, }, { category: "product_version", name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", product: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", product_id: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", product: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", product_id: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", product: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", product_id: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", product: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", product_id: "golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", product: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", product_id: "golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", }, }, { category: "product_version", name: "grafana-9.5.8-4.21.2.aarch64", product: { name: "grafana-9.5.8-4.21.2.aarch64", product_id: "grafana-9.5.8-4.21.2.aarch64", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", product: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", product_id: "prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", product: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", product_id: "prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", product: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", product_id: "python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", }, }, { category: "product_version", name: "uyuni-base-common-5.0.1-3.18.2.aarch64", product: { name: "uyuni-base-common-5.0.1-3.18.2.aarch64", product_id: "uyuni-base-common-5.0.1-3.18.2.aarch64", }, }, { category: "product_version", name: "uyuni-base-proxy-5.0.1-3.18.2.aarch64", product: { name: "uyuni-base-proxy-5.0.1-3.18.2.aarch64", product_id: "uyuni-base-proxy-5.0.1-3.18.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", product: { name: "kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", product_id: "kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", }, }, { category: "product_version", name: "mgr-push-5.0.1-4.21.4.noarch", product: { name: "mgr-push-5.0.1-4.21.4.noarch", product_id: "mgr-push-5.0.1-4.21.4.noarch", }, }, { category: "product_version", name: "python2-hwdata-2.3.5-15.12.2.noarch", product: { name: "python2-hwdata-2.3.5-15.12.2.noarch", product_id: "python2-hwdata-2.3.5-15.12.2.noarch", }, }, { category: "product_version", name: "python2-mgr-push-5.0.1-4.21.4.noarch", product: { name: "python2-mgr-push-5.0.1-4.21.4.noarch", product_id: "python2-mgr-push-5.0.1-4.21.4.noarch", }, }, { category: "product_version", name: "python2-rhnlib-5.0.1-24.30.3.noarch", product: { name: "python2-rhnlib-5.0.1-24.30.3.noarch", product_id: "python2-rhnlib-5.0.1-24.30.3.noarch", }, }, { category: "product_version", name: "spacecmd-5.0.1-41.42.3.noarch", product: { name: "spacecmd-5.0.1-41.42.3.noarch", product_id: "spacecmd-5.0.1-41.42.3.noarch", }, }, { category: "product_version", name: "supportutils-plugin-salt-1.2.2-9.9.2.noarch", product: { name: "supportutils-plugin-salt-1.2.2-9.9.2.noarch", product_id: "supportutils-plugin-salt-1.2.2-9.9.2.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", product: { name: "supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", product_id: "supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", }, }, { category: "product_version", name: "system-user-grafana-1.0.0-3.7.2.noarch", product: { name: "system-user-grafana-1.0.0-3.7.2.noarch", product_id: "system-user-grafana-1.0.0-3.7.2.noarch", }, }, { category: "product_version", name: "system-user-prometheus-1.0.0-3.7.2.noarch", product: { name: "system-user-prometheus-1.0.0-3.7.2.noarch", product_id: "system-user-prometheus-1.0.0-3.7.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", }, }, { category: "product_version", name: "golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", product: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", product_id: "golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", }, }, { category: "product_version", name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", product: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", product_id: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", product: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", product_id: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", product: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", product_id: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", product_id: "golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", product: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", product_id: "golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", }, }, { category: "product_version", name: "grafana-9.5.8-4.21.2.ppc64le", product: { name: "grafana-9.5.8-4.21.2.ppc64le", product_id: "grafana-9.5.8-4.21.2.ppc64le", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", product: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", product_id: "prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", product: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", product_id: "prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", product: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", product_id: "python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", }, }, { category: "product_version", name: "uyuni-base-common-5.0.1-3.18.2.ppc64le", product: { name: "uyuni-base-common-5.0.1-3.18.2.ppc64le", product_id: "uyuni-base-common-5.0.1-3.18.2.ppc64le", }, }, { category: "product_version", name: "uyuni-base-proxy-5.0.1-3.18.2.ppc64le", product: { name: "uyuni-base-proxy-5.0.1-3.18.2.ppc64le", product_id: "uyuni-base-proxy-5.0.1-3.18.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", }, }, { category: "product_version", name: "golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", product: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", product_id: "golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", }, }, { category: "product_version", name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", product: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", product_id: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", product: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", product_id: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", product: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", product_id: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", product: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", product_id: "golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.14.0-4.12.2.s390x", product: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.s390x", product_id: "golang-github-prometheus-promu-0.14.0-4.12.2.s390x", }, }, { category: "product_version", name: "grafana-9.5.8-4.21.2.s390x", product: { name: "grafana-9.5.8-4.21.2.s390x", product_id: "grafana-9.5.8-4.21.2.s390x", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", product: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", product_id: "prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.1-3.6.4.s390x", product: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.s390x", product_id: "prometheus-postgres_exporter-0.10.1-3.6.4.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-5.0.1-3.33.3.s390x", product: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.s390x", product_id: "python2-uyuni-common-libs-5.0.1-3.33.3.s390x", }, }, { category: "product_version", name: "uyuni-base-common-5.0.1-3.18.2.s390x", product: { name: "uyuni-base-common-5.0.1-3.18.2.s390x", product_id: "uyuni-base-common-5.0.1-3.18.2.s390x", }, }, { category: "product_version", name: "uyuni-base-proxy-5.0.1-3.18.2.s390x", product: { name: "uyuni-base-proxy-5.0.1-3.18.2.s390x", product_id: "uyuni-base-proxy-5.0.1-3.18.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", product: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", product_id: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", }, }, { category: "product_version", name: "golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", product: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", product_id: "golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", }, }, { category: "product_version", name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", product: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", product_id: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", product: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", product_id: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", product: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", product_id: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", product: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", product_id: "golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", product: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", product_id: "golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", }, }, { category: "product_version", name: "grafana-9.5.8-4.21.2.x86_64", product: { name: "grafana-9.5.8-4.21.2.x86_64", product_id: "grafana-9.5.8-4.21.2.x86_64", }, }, { category: "product_version", name: "prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", product: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", product_id: "prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", }, }, { category: "product_version", name: "prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", product: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", product_id: "prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", product: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", product_id: "python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", }, }, { category: "product_version", name: "uyuni-base-common-5.0.1-3.18.2.x86_64", product: { name: "uyuni-base-common-5.0.1-3.18.2.x86_64", product_id: "uyuni-base-common-5.0.1-3.18.2.x86_64", }, }, { category: "product_version", name: "uyuni-base-proxy-5.0.1-3.18.2.x86_64", product: { name: "uyuni-base-proxy-5.0.1-3.18.2.x86_64", product_id: "uyuni-base-proxy-5.0.1-3.18.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 12-BETA", product: { name: "SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", }, product_reference: "golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", }, product_reference: "golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", }, product_reference: "golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", }, product_reference: "golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", }, product_reference: "golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", }, product_reference: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", }, product_reference: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", }, product_reference: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", }, product_reference: "golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", }, product_reference: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", }, product_reference: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", }, product_reference: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", }, product_reference: "golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", }, product_reference: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", }, product_reference: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", }, product_reference: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", }, product_reference: "golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", }, product_reference: "golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", }, product_reference: "golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", }, product_reference: "golang-github-prometheus-promu-0.14.0-4.12.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.14.0-4.12.2.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", }, product_reference: "golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "grafana-9.5.8-4.21.2.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", }, product_reference: "grafana-9.5.8-4.21.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "grafana-9.5.8-4.21.2.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", }, product_reference: "grafana-9.5.8-4.21.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "grafana-9.5.8-4.21.2.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", }, product_reference: "grafana-9.5.8-4.21.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "grafana-9.5.8-4.21.2.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", }, product_reference: "grafana-9.5.8-4.21.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", }, product_reference: "kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "mgr-push-5.0.1-4.21.4.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", }, product_reference: "mgr-push-5.0.1-4.21.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", }, product_reference: "prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", }, product_reference: "prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", }, product_reference: "prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", }, product_reference: "prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", }, product_reference: "prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", }, product_reference: "prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", }, product_reference: "prometheus-postgres_exporter-0.10.1-3.6.4.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "prometheus-postgres_exporter-0.10.1-3.6.4.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", }, product_reference: "prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-hwdata-2.3.5-15.12.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", }, product_reference: "python2-hwdata-2.3.5-15.12.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-mgr-push-5.0.1-4.21.4.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", }, product_reference: "python2-mgr-push-5.0.1-4.21.4.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-rhnlib-5.0.1-24.30.3.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", }, product_reference: "python2-rhnlib-5.0.1-24.30.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.aarch64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", }, product_reference: "python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", }, product_reference: "python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.s390x as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", }, product_reference: "python2-uyuni-common-libs-5.0.1-3.33.3.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "python2-uyuni-common-libs-5.0.1-3.33.3.x86_64 as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", }, product_reference: "python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "spacecmd-5.0.1-41.42.3.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", }, product_reference: "spacecmd-5.0.1-41.42.3.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.2-9.9.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", }, product_reference: "supportutils-plugin-salt-1.2.2-9.9.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", }, product_reference: "supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "system-user-grafana-1.0.0-3.7.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", }, product_reference: "system-user-grafana-1.0.0-3.7.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, { category: "default_component_of", full_product_name: { name: "system-user-prometheus-1.0.0-3.7.2.noarch as component of SUSE Manager Client Tools 12-BETA", product_id: "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", }, product_reference: "system-user-prometheus-1.0.0-3.7.2.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12-BETA", }, ], }, vulnerabilities: [ { cve: "CVE-2020-7753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7753", }, ], notes: [ { category: "general", text: "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-7753", url: "https://www.suse.com/security/cve/CVE-2020-7753", }, { category: "external", summary: "SUSE Bug 1218843 for CVE-2020-7753", url: "https://bugzilla.suse.com/1218843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2020-7753", }, { cve: "CVE-2021-36222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-36222", }, ], notes: [ { category: "general", text: "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-36222", url: "https://www.suse.com/security/cve/CVE-2021-36222", }, { category: "external", summary: "SUSE Bug 1188571 for CVE-2021-36222", url: "https://bugzilla.suse.com/1188571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-36222", }, { cve: "CVE-2021-3711", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3711", }, ], notes: [ { category: "general", text: "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3711", url: "https://www.suse.com/security/cve/CVE-2021-3711", }, { category: "external", summary: "SUSE Bug 1189520 for CVE-2021-3711", url: "https://bugzilla.suse.com/1189520", }, { category: "external", summary: "SUSE Bug 1190129 for CVE-2021-3711", url: "https://bugzilla.suse.com/1190129", }, { category: "external", summary: "SUSE Bug 1192100 for CVE-2021-3711", url: "https://bugzilla.suse.com/1192100", }, { category: "external", summary: "SUSE Bug 1205663 for CVE-2021-3711", url: "https://bugzilla.suse.com/1205663", }, { category: "external", summary: "SUSE Bug 1225628 for CVE-2021-3711", url: "https://bugzilla.suse.com/1225628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "critical", }, ], title: "CVE-2021-3711", }, { cve: "CVE-2021-3807", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3807", }, ], notes: [ { category: "general", text: "ansi-regex is vulnerable to Inefficient Regular Expression Complexity", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3807", url: "https://www.suse.com/security/cve/CVE-2021-3807", }, { category: "external", summary: "SUSE Bug 1192154 for CVE-2021-3807", url: "https://bugzilla.suse.com/1192154", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-3807", }, { cve: "CVE-2021-3918", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3918", }, ], notes: [ { category: "general", text: "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3918", url: "https://www.suse.com/security/cve/CVE-2021-3918", }, { category: "external", summary: "SUSE Bug 1192696 for CVE-2021-3918", url: "https://bugzilla.suse.com/1192696", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-3918", }, { cve: "CVE-2021-39226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-39226", }, ], notes: [ { category: "general", text: "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-39226", url: "https://www.suse.com/security/cve/CVE-2021-39226", }, { category: "external", summary: "SUSE Bug 1191454 for CVE-2021-39226", url: "https://bugzilla.suse.com/1191454", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-39226", }, { cve: "CVE-2021-41174", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41174", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor('alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41174", url: "https://www.suse.com/security/cve/CVE-2021-41174", }, { category: "external", summary: "SUSE Bug 1192383 for CVE-2021-41174", url: "https://bugzilla.suse.com/1192383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2021-41174", }, { cve: "CVE-2021-41244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41244", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41244", url: "https://www.suse.com/security/cve/CVE-2021-41244", }, { category: "external", summary: "SUSE Bug 1192763 for CVE-2021-41244", url: "https://bugzilla.suse.com/1192763", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "critical", }, ], title: "CVE-2021-41244", }, { cve: "CVE-2021-43138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43138", }, ], notes: [ { category: "general", text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43138", url: "https://www.suse.com/security/cve/CVE-2021-43138", }, { category: "external", summary: "SUSE Bug 1200480 for CVE-2021-43138", url: "https://bugzilla.suse.com/1200480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-43138", }, { cve: "CVE-2021-43798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43798", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43798", url: "https://www.suse.com/security/cve/CVE-2021-43798", }, { category: "external", summary: "SUSE Bug 1193492 for CVE-2021-43798", url: "https://bugzilla.suse.com/1193492", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2021-43798", }, { cve: "CVE-2021-43813", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43813", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43813", url: "https://www.suse.com/security/cve/CVE-2021-43813", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193686", }, { category: "external", summary: "SUSE Bug 1193688 for CVE-2021-43813", url: "https://bugzilla.suse.com/1193688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2021-43813", }, { cve: "CVE-2021-43815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43815", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43815", url: "https://www.suse.com/security/cve/CVE-2021-43815", }, { category: "external", summary: "SUSE Bug 1193686 for CVE-2021-43815", url: "https://bugzilla.suse.com/1193686", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2021-43815", }, { cve: "CVE-2022-0155", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0155", }, ], notes: [ { category: "general", text: "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-0155", url: "https://www.suse.com/security/cve/CVE-2022-0155", }, { category: "external", summary: "SUSE Bug 1218844 for CVE-2022-0155", url: "https://bugzilla.suse.com/1218844", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-0155", }, { cve: "CVE-2022-21673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21673", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21673", url: "https://www.suse.com/security/cve/CVE-2022-21673", }, { category: "external", summary: "SUSE Bug 1194873 for CVE-2022-21673", url: "https://bugzilla.suse.com/1194873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-21673", }, { cve: "CVE-2022-21698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21698", }, ], notes: [ { category: "general", text: "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21698", url: "https://www.suse.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "SUSE Bug 1196338 for CVE-2022-21698", url: "https://bugzilla.suse.com/1196338", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-21698", }, { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-21713", }, { cve: "CVE-2022-23552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23552", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-23552", url: "https://www.suse.com/security/cve/CVE-2022-23552", }, { category: "external", summary: "SUSE Bug 1207749 for CVE-2022-23552", url: "https://bugzilla.suse.com/1207749", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-23552", }, { cve: "CVE-2022-27191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27191", }, ], notes: [ { category: "general", text: "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-27191", url: "https://www.suse.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "SUSE Bug 1197284 for CVE-2022-27191", url: "https://bugzilla.suse.com/1197284", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-27191", }, { cve: "CVE-2022-27664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27664", }, ], notes: [ { category: "general", text: "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-27664", url: "https://www.suse.com/security/cve/CVE-2022-27664", }, { category: "external", summary: "SUSE Bug 1203185 for CVE-2022-27664", url: "https://bugzilla.suse.com/1203185", }, { category: "external", summary: "SUSE Bug 1203293 for CVE-2022-27664", url: "https://bugzilla.suse.com/1203293", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-27664", }, { cve: "CVE-2022-29170", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29170", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn't call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-29170", url: "https://www.suse.com/security/cve/CVE-2022-29170", }, { category: "external", summary: "SUSE Bug 1199810 for CVE-2022-29170", url: "https://bugzilla.suse.com/1199810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-29170", }, { cve: "CVE-2022-31097", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31097", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31097", url: "https://www.suse.com/security/cve/CVE-2022-31097", }, { category: "external", summary: "SUSE Bug 1201535 for CVE-2022-31097", url: "https://bugzilla.suse.com/1201535", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-31097", }, { cve: "CVE-2022-31107", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31107", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31107", url: "https://www.suse.com/security/cve/CVE-2022-31107", }, { category: "external", summary: "SUSE Bug 1201539 for CVE-2022-31107", url: "https://bugzilla.suse.com/1201539", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-31107", }, { cve: "CVE-2022-31123", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31123", }, ], notes: [ { category: "general", text: "Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31123", url: "https://www.suse.com/security/cve/CVE-2022-31123", }, { category: "external", summary: "SUSE Bug 1204302 for CVE-2022-31123", url: "https://bugzilla.suse.com/1204302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "low", }, ], title: "CVE-2022-31123", }, { cve: "CVE-2022-31130", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31130", }, ], notes: [ { category: "general", text: "Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31130", url: "https://www.suse.com/security/cve/CVE-2022-31130", }, { category: "external", summary: "SUSE Bug 1204305 for CVE-2022-31130", url: "https://bugzilla.suse.com/1204305", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-31130", }, { cve: "CVE-2022-32149", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-32149", }, ], notes: [ { category: "general", text: "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-32149", url: "https://www.suse.com/security/cve/CVE-2022-32149", }, { category: "external", summary: "SUSE Bug 1204501 for CVE-2022-32149", url: "https://bugzilla.suse.com/1204501", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-32149", }, { cve: "CVE-2022-35957", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-35957", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-35957", url: "https://www.suse.com/security/cve/CVE-2022-35957", }, { category: "external", summary: "SUSE Bug 1203597 for CVE-2022-35957", url: "https://bugzilla.suse.com/1203597", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-35957", }, { cve: "CVE-2022-36062", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-36062", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-36062", url: "https://www.suse.com/security/cve/CVE-2022-36062", }, { category: "external", summary: "SUSE Bug 1203596 for CVE-2022-36062", url: "https://bugzilla.suse.com/1203596", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-36062", }, { cve: "CVE-2022-39201", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39201", }, ], notes: [ { category: "general", text: "Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39201", url: "https://www.suse.com/security/cve/CVE-2022-39201", }, { category: "external", summary: "SUSE Bug 1204303 for CVE-2022-39201", url: "https://bugzilla.suse.com/1204303", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-39201", }, { cve: "CVE-2022-39229", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39229", }, ], notes: [ { category: "general", text: "Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user's username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`'s email address. This prevents `user_1` logging into the application since `user_1`'s password won't match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39229", url: "https://www.suse.com/security/cve/CVE-2022-39229", }, { category: "external", summary: "SUSE Bug 1204304 for CVE-2022-39229", url: "https://bugzilla.suse.com/1204304", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "low", }, ], title: "CVE-2022-39229", }, { cve: "CVE-2022-39306", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39306", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39306", url: "https://www.suse.com/security/cve/CVE-2022-39306", }, { category: "external", summary: "SUSE Bug 1205225 for CVE-2022-39306", url: "https://bugzilla.suse.com/1205225", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-39306", }, { cve: "CVE-2022-39307", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39307", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a \"user not found\" message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39307", url: "https://www.suse.com/security/cve/CVE-2022-39307", }, { category: "external", summary: "SUSE Bug 1205227 for CVE-2022-39307", url: "https://bugzilla.suse.com/1205227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-39307", }, { cve: "CVE-2022-39324", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39324", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker's injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-39324", url: "https://www.suse.com/security/cve/CVE-2022-39324", }, { category: "external", summary: "SUSE Bug 1207750 for CVE-2022-39324", url: "https://bugzilla.suse.com/1207750", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-39324", }, { cve: "CVE-2022-41715", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41715", }, ], notes: [ { category: "general", text: "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-41715", url: "https://www.suse.com/security/cve/CVE-2022-41715", }, { category: "external", summary: "SUSE Bug 1204023 for CVE-2022-41715", url: "https://bugzilla.suse.com/1204023", }, { category: "external", summary: "SUSE Bug 1208441 for CVE-2022-41715", url: "https://bugzilla.suse.com/1208441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2022-41715", }, { cve: "CVE-2022-41723", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-41723", }, ], notes: [ { category: "general", text: "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-41723", url: "https://www.suse.com/security/cve/CVE-2022-41723", }, { category: "external", summary: "SUSE Bug 1208270 for CVE-2022-41723", url: "https://bugzilla.suse.com/1208270", }, { category: "external", summary: "SUSE Bug 1215588 for CVE-2022-41723", url: "https://bugzilla.suse.com/1215588", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-41723", }, { cve: "CVE-2022-46146", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-46146", }, ], notes: [ { category: "general", text: "Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-46146", url: "https://www.suse.com/security/cve/CVE-2022-46146", }, { category: "external", summary: "SUSE Bug 1208046 for CVE-2022-46146", url: "https://bugzilla.suse.com/1208046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2022-46146", }, { cve: "CVE-2023-0507", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-0507", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. \n\nThe stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. \n\nAn attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. \n\nThis means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. \n\nUsers may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. \n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-0507", url: "https://www.suse.com/security/cve/CVE-2023-0507", }, { category: "external", summary: "SUSE Bug 1208821 for CVE-2023-0507", url: "https://bugzilla.suse.com/1208821", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2023-0507", }, { cve: "CVE-2023-0594", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-0594", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-0594", url: "https://www.suse.com/security/cve/CVE-2023-0594", }, { category: "external", summary: "SUSE Bug 1208819 for CVE-2023-0594", url: "https://bugzilla.suse.com/1208819", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2023-0594", }, { cve: "CVE-2023-1387", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1387", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-1387", url: "https://www.suse.com/security/cve/CVE-2023-1387", }, { category: "external", summary: "SUSE Bug 1210907 for CVE-2023-1387", url: "https://bugzilla.suse.com/1210907", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2023-1387", }, { cve: "CVE-2023-1410", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1410", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. \n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. \n\n Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. \n\n\n\n\n\n\n\n\n\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-1410", url: "https://www.suse.com/security/cve/CVE-2023-1410", }, { category: "external", summary: "SUSE Bug 1209645 for CVE-2023-1410", url: "https://bugzilla.suse.com/1209645", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2023-1410", }, { cve: "CVE-2023-2183", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2183", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. \n\nThe option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.\n\nThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.\n\nUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-2183", url: "https://www.suse.com/security/cve/CVE-2023-2183", }, { category: "external", summary: "SUSE Bug 1212100 for CVE-2023-2183", url: "https://bugzilla.suse.com/1212100", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "moderate", }, ], title: "CVE-2023-2183", }, { cve: "CVE-2023-2801", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2801", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. \n\nUsing public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.\n\nThe only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly.\n\nThis might enable malicious users to crash Grafana instances through that endpoint.\n\nUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-2801", url: "https://www.suse.com/security/cve/CVE-2023-2801", }, { category: "external", summary: "SUSE Bug 1212099 for CVE-2023-2801", url: "https://bugzilla.suse.com/1212099", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2023-2801", }, { cve: "CVE-2023-3128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-3128", }, ], notes: [ { category: "general", text: "Grafana is validating Azure AD accounts based on the email claim. \n\nOn Azure AD, the profile email field is not unique and can be easily modified. \n\nThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. \n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-3128", url: "https://www.suse.com/security/cve/CVE-2023-3128", }, { category: "external", summary: "SUSE Bug 1212641 for CVE-2023-3128", url: "https://bugzilla.suse.com/1212641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "critical", }, ], title: "CVE-2023-3128", }, { cve: "CVE-2023-40577", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40577", }, ], notes: [ { category: "general", text: "Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-40577", url: "https://www.suse.com/security/cve/CVE-2023-40577", }, { category: "external", summary: "SUSE Bug 1218838 for CVE-2023-40577", url: "https://bugzilla.suse.com/1218838", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-boynux-squid_exporter-1.6-4.9.2.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-alertmanager-0.26.0-4.12.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-node_exporter-1.5.0-4.15.4.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-prometheus-2.45.0-4.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.aarch64", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.ppc64le", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.s390x", "SUSE Manager Client Tools 12-BETA:golang-github-prometheus-promu-0.14.0-4.12.2.x86_64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.aarch64", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.ppc64le", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.s390x", "SUSE Manager Client Tools 12-BETA:grafana-9.5.8-4.21.2.x86_64", "SUSE Manager Client Tools 12-BETA:kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2.noarch", "SUSE Manager Client Tools 12-BETA:mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-blackbox_exporter-0.24.0-3.6.3.x86_64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.aarch64", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.ppc64le", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.s390x", "SUSE Manager Client Tools 12-BETA:prometheus-postgres_exporter-0.10.1-3.6.4.x86_64", "SUSE Manager Client Tools 12-BETA:python2-hwdata-2.3.5-15.12.2.noarch", "SUSE Manager Client Tools 12-BETA:python2-mgr-push-5.0.1-4.21.4.noarch", "SUSE Manager Client Tools 12-BETA:python2-rhnlib-5.0.1-24.30.3.noarch", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.aarch64", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.ppc64le", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.s390x", "SUSE Manager Client Tools 12-BETA:python2-uyuni-common-libs-5.0.1-3.33.3.x86_64", "SUSE Manager Client Tools 12-BETA:spacecmd-5.0.1-41.42.3.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-salt-1.2.2-9.9.2.noarch", "SUSE Manager Client Tools 12-BETA:supportutils-plugin-susemanager-client-5.0.1-9.15.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-grafana-1.0.0-3.7.2.noarch", "SUSE Manager Client Tools 12-BETA:system-user-prometheus-1.0.0-3.7.2.noarch", ], }, ], threats: [ { category: "impact", date: "2024-01-23T15:18:14Z", details: "important", }, ], title: "CVE-2023-40577", }, ], }
fkie_cve-2022-21703
Vulnerability from fkie_nvd
Published
2022-02-08 21:15
Modified
2024-11-21 06:45
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grafana | grafana | * | |
| grafana | grafana | * | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| grafana | grafana | 3.0.0 | |
| netapp | e-series_performance_analyzer | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "1F2335D6-B310-42E7-8FC8-25B8E2264829", versionEndExcluding: "7.5.15", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", matchCriteriaId: "16145A8D-9FF1-4EEE-8E29-198B408582B8", versionEndExcluding: "8.3.5", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "D738463C-2E39-42D3-A730-5A49594825CC", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "152CFB89-E06C-455E-8B72-016F44D33DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "3E44CD01-FC42-4A90-B976-87E65F3C3E44", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "6B0D67F3-2D3C-4DB7-BF59-4719BCF8A613", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1804B55D-0FAA-4529-9749-8342A779430D", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta6:*:*:*:*:*:*", matchCriteriaId: "EAF5DF18-EAD2-4888-B1B7-0506C0F893EB", vulnerable: true, }, { criteria: "cpe:2.3:a:grafana:grafana:3.0.0:beta7:*:*:*:*:*:*", matchCriteriaId: "9376D16C-2453-4E08-981C-4789F741FA5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "CC05F69D-6C6B-472D-87B7-84231F14CA8B", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", }, { lang: "es", value: "Grafana es una plataforma de código abierto para la monitorización y la observabilidad. Las versiones afectadas están sujetas a una vulnerabilidad de tipo cross site request forgery que permite a atacantes elevar sus privilegios al montar ataques de origen cruzado contra usuarios autenticados de Grafana con altos privilegios (por ejemplo, editores o administradores). Un atacante puede explotar esta vulnerabilidad para una elevación de privilegios al engañar a un usuario autenticado para que invite al atacante como un nuevo usuario con altos privilegios. Se recomienda a usuarios actualizar lo antes posible. No hay medidas de mitigación adicionales conocidas para este problema", }, ], id: "CVE-2022-21703", lastModified: "2024-11-21T06:45:16.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-08T21:15:20.150", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/pull/45083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Release Notes", "Vendor Advisory", ], url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
opensuse-su-2024:11836-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
grafana-8.3.5-1.1 on GA media
Notes
Title of the patch
grafana-8.3.5-1.1 on GA media
Description of the patch
These are all security issues fixed in the grafana-8.3.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11836
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "grafana-8.3.5-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the grafana-8.3.5-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11836", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11836-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-21702 page", url: "https://www.suse.com/security/cve/CVE-2022-21702/", }, { category: "self", summary: "SUSE CVE CVE-2022-21703 page", url: "https://www.suse.com/security/cve/CVE-2022-21703/", }, { category: "self", summary: "SUSE CVE CVE-2022-21713 page", url: "https://www.suse.com/security/cve/CVE-2022-21713/", }, ], title: "grafana-8.3.5-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11836-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-8.3.5-1.1.aarch64", product: { name: "grafana-8.3.5-1.1.aarch64", product_id: "grafana-8.3.5-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-1.1.ppc64le", product: { name: "grafana-8.3.5-1.1.ppc64le", product_id: "grafana-8.3.5-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-1.1.s390x", product: { name: "grafana-8.3.5-1.1.s390x", product_id: "grafana-8.3.5-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-8.3.5-1.1.x86_64", product: { name: "grafana-8.3.5-1.1.x86_64", product_id: "grafana-8.3.5-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", }, product_reference: "grafana-8.3.5-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", }, product_reference: "grafana-8.3.5-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", }, product_reference: "grafana-8.3.5-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-8.3.5-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", }, product_reference: "grafana-8.3.5-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21702", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21702", url: "https://www.suse.com/security/cve/CVE-2022-21702", }, { category: "external", summary: "SUSE Bug 1195726 for CVE-2022-21702", url: "https://bugzilla.suse.com/1195726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-21702", }, { cve: "CVE-2022-21703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21703", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21703", url: "https://www.suse.com/security/cve/CVE-2022-21703", }, { category: "external", summary: "SUSE Bug 1195727 for CVE-2022-21703", url: "https://bugzilla.suse.com/1195727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-21703", }, { cve: "CVE-2022-21713", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21713", }, ], notes: [ { category: "general", text: "Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21713", url: "https://www.suse.com/security/cve/CVE-2022-21713", }, { category: "external", summary: "SUSE Bug 1195728 for CVE-2022-21713", url: "https://bugzilla.suse.com/1195728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-8.3.5-1.1.aarch64", "openSUSE Tumbleweed:grafana-8.3.5-1.1.ppc64le", "openSUSE Tumbleweed:grafana-8.3.5-1.1.s390x", "openSUSE Tumbleweed:grafana-8.3.5-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-21713", }, ], }
ghsa-cmf4-h3xc-jw8w
Vulnerability from github
Published
2024-02-01 00:16
Modified
2024-02-01 00:16
Severity ?
Summary
Grafana Cross Site Request Forgery (CSRF)
Details
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for Cross Site Request Forgery for Grafana.
Release v.8.3.5, only containing security fixes:
Release v.7.5.15, only containing security fixes:
CSRF (CVE-2022-21703)
Summary
On Jan. 18, security researchers jub0bs and abrahack contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).
We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
Impact
An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.
Affected versions with MEDIUM severity
All Grafana >=3.0-beta1 versions are affected by this vulnerability.
Solutions and mitigations
All installations after Grafana v3.0-beta1 should be upgraded as soon as possible.
Note that if you are running Grafana behind any reverse proxy, you need to make sure that you are passing the original Host and Origin headers from the client request to Grafana.
In the case of Apache Server, you need to add ProxyPreserveHost on in your proxy configuration. In case of NGINX, you can need to add proxy_set_header Host $http_host; in your configuration.
Appropriate patches have been applied to Grafana Cloud and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.
Timeline and postmortem
Here is a detailed timeline starting from when we originally learned of the issue. All times in UTC. - 2022-01-18 03:00 Issue submitted by external researchers - 2022-01-18 17:25 Vulnerability confirmed reproducible - 2022-01-19 07:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact - 2022-01-19 07:40 Begin mitigation for Grafana Cloud - 2022-01-19 17:00 CVE requested - 2022-01-19 19:50 GitHub issues CVE-2022-21703 - 2022-01-21 10:50 PR with fix opened - 2022-01-21 14:13 Private release planned for 2022-01-25, and public release planned for 2022-02-01. - 2022-01-25 12:00 Private release - 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x - 2022-02-08 12:00 Public release
Acknowledgement
We would like to thank jub0bs and abrahack for responsibly disclosing the vulnerability.
Reporting security issues
If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is
F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA
The key is available from keyserver.ubuntu.com.
Security announcements
We maintain a security category on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.
You can also subscribe to our RSS feed.
{ affected: [ { package: { ecosystem: "Go", name: "github.com/grafana/grafana/pkg/web", }, ranges: [ { events: [ { introduced: "3.0-beta1", }, { fixed: "7.5.15", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "github.com/grafana/grafana/pkg/web", }, ranges: [ { events: [ { introduced: "8.0.0", }, { fixed: "8.3.5", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2022-21703", ], database_specific: { cwe_ids: [ "CWE-352", ], github_reviewed: true, github_reviewed_at: "2024-02-01T00:16:02Z", nvd_published_at: "2022-02-08T21:15:00Z", severity: "MODERATE", }, details: "Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for Cross Site Request Forgery for Grafana.\n\nRelease v.8.3.5, only containing security fixes:\n\n- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)\n\nRelease v.7.5.15, only containing security fixes:\n\n- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)\n\n## CSRF ([CVE-2022-21703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703))\n\n### Summary\nOn Jan. 18, security researchers [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). \n\nWe believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). \n\n### Impact\nAn attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. \n\n### Affected versions with MEDIUM severity \nAll Grafana >=3.0-beta1 versions are affected by this vulnerability.\n\n### Solutions and mitigations\n\nAll installations after Grafana v3.0-beta1 should be upgraded as soon as possible.\n\nNote that if you are running Grafana behind any reverse proxy, you need to make sure that you are passing the original Host and Origin headers from the client request to Grafana.\n\nIn the case of Apache Server, you need to add `ProxyPreserveHost on` in your proxy [configuration](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html). In case of NGINX, you can need to add `proxy_set_header Host $http_host;` in your [configuration](http://nginx.org/en/docs/http/ngx_http_proxy_module.html).\n\nAppropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n- 2022-01-18 03:00 Issue submitted by external researchers\n- 2022-01-18 17:25 Vulnerability confirmed reproducible \n- 2022-01-19 07:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact\n- 2022-01-19 07:40 Begin mitigation for Grafana Cloud\n- 2022-01-19 17:00 CVE requested \n- 2022-01-19 19:50 GitHub issues CVE-2022-21703\n- 2022-01-21 10:50 PR with fix opened\n- 2022-01-21 14:13 Private release planned for 2022-01-25, and public release planned for 2022-02-01.\n- 2022-01-25 12:00 Private release\n- 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x\n- 2022-02-08 12:00 Public release\n\n### Acknowledgement\n\nWe would like to thank [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).\n", id: "GHSA-cmf4-h3xc-jw8w", modified: "2024-02-01T00:16:02Z", published: "2024-02-01T00:16:02Z", references: [ { type: "WEB", url: "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", }, { type: "WEB", url: "https://github.com/grafana/grafana/pull/45083", }, { type: "WEB", url: "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20220303-0005", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], summary: "Grafana Cross Site Request Forgery (CSRF)", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.