Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)
Security Fix(es):
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
grafana: arbitrary file read via MySQL data source (CVE-2019-19499)
grafana: stored XSS (CVE-2020-11110)
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)
grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)
grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.