ALSA-2020:4682

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)

Security Fix(es):

• grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)

• grafana: arbitrary file read via MySQL data source (CVE-2019-19499)

• grafana: stored XSS (CVE-2020-11110)

• grafana: XSS annotation popup vulnerability (CVE-2020-12052)

• grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)

• grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)

• grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)

• grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.