ALSA-2020:4682

Source
https://errata.almalinux.org/8/ALSA-2020-4682.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4682.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2020:4682
Related
Published
2020-11-03T12:26:41Z
Modified
2021-11-12T10:20:56Z
Summary
Moderate: grafana security, bug fix, and enhancement update
Details

Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)

Security Fix(es):

  • grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)

  • grafana: arbitrary file read via MySQL data source (CVE-2019-19499)

  • grafana: stored XSS (CVE-2020-11110)

  • grafana: XSS annotation popup vulnerability (CVE-2020-12052)

  • grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)

  • grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)

  • grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)

  • grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
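The two information-disclosure items (CVE-2020-12458 and CVE-2020-12459) are file-permission problems, and the rest of the advisory is fixed by moving to the 6.7.4-3.el8 build, so the check a host owner wants is: is the installed build at or past the fix, and are grafana.db and the configuration still world-readable? The script below is an added example, not part of the advisory or of Grafana. It assumes /etc/grafana/grafana.ini as the configuration path (the advisory only says "grafana configuration files"), and its evr_cmp is a simplified rpm version compare that ignores epoch and the ~/^ operators; rpmdev-vercmp from rpmdevtools gives the exact rpm ordering where available.

```sh
#!/bin/sh
# Added example for ALSA-2020:4682 (not from the advisory or from Grafana).
#  1) compares an installed grafana VERSION-RELEASE with the fixed build 6.7.4-3.el8
#  2) flags a world-readable grafana.db / grafana.ini (CVE-2020-12458, CVE-2020-12459)
# Assumptions: /etc/grafana/grafana.ini is the config path (the advisory only says
# "grafana configuration files"); evr_cmp is a simplified rpmvercmp that ignores
# epoch and the ~/^ operators. Use rpmdev-vercmp for the exact rpm ordering.

FIXED_EVR="6.7.4-3.el8"   # "Fixed" value from the advisory's affected ranges

# evr_cmp A B: print -1, 0 or 1 as A sorts before, equal to, or after B.
# Segments are split on '.' and '-'; numeric segments compare as integers,
# alphabetic ones as strings, and (as in rpm) a numeric segment is newer than
# an alphabetic one. A missing trailing segment sorts before a present one.
evr_cmp() {
  printf '%s\n%s\n' "$1" "$2" | awk '
    { n = split($0, seg, /[.-]/); len[NR] = n
      for (i = 1; i <= n; i++) v[NR, i] = seg[i] }
    END {
      m = (len[1] > len[2]) ? len[1] : len[2]
      r = 0
      for (i = 1; i <= m && r == 0; i++) {
        a = v[1, i]; b = v[2, i]
        if (a == b) continue
        an = (a ~ /^[0-9]+$/); bn = (b ~ /^[0-9]+$/)
        if (an && bn)  r = (a + 0 < b + 0) ? -1 : 1
        else if (an)   r = 1
        else if (bn)   r = -1
        else           r = (a < b) ? -1 : 1
      }
      print r
    }'
}

# grafana_fixed EVR: succeed (0) when EVR is at or past the fixed build.
grafana_fixed() {
  [ "$(evr_cmp "$1" "$FIXED_EVR")" -ge 0 ]
}

# world_readable PATH: succeed (0) when the "other" read bit is set.
# Reads the POSIX ls -l mode string (e.g. -rw-r--r--); column 8 is other-read.
# Returns 2 when the path does not exist.
world_readable() {
  [ -e "$1" ] || return 2
  [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# audit_host: live check on an EL8 host; prints one line per finding.
audit_host() {
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' grafana 2>/dev/null) \
    || { echo "grafana: not installed"; return 0; }
  if grafana_fixed "$installed"; then
    echo "grafana $installed: at or past $FIXED_EVR (ALSA-2020:4682 applied)"
  else
    echo "grafana $installed: older than $FIXED_EVR, update needed"
  fi
  # grafana.db path is from the advisory; grafana.ini path is an assumption.
  for f in /var/lib/grafana/grafana.db /etc/grafana/grafana.ini; do
    if world_readable "$f"; then
      echo "WARN $f is world-readable (CVE-2020-12458 / CVE-2020-12459)"
    elif [ -e "$f" ]; then
      echo "ok   $f is not world-readable"
    fi
  done
}

# Run the live check only where rpm exists; the functions stay usable elsewhere.
if command -v rpm >/dev/null 2>&1; then
  audit_host
fi
```

The permission check reads the mode string rather than relying on GNU stat, so it works on a minimal EL8 image; a WARN line for grafana.db means the credentials and sessions in the SQLite store are readable by any local account, which the update alone does not retroactively tighten on files that were created with the old mode.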

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

All entries below are in the AlmaLinux:8 ecosystem, with range type ECOSYSTEM. An Introduced value of 0 means the introduced version is unknown and all previous versions are treated as affected.

Package                  Introduced   Fixed
grafana                  0            6.7.4-3.el8
grafana-azure-monitor    0            6.7.4-3.el8
grafana-cloudwatch       0            6.7.4-3.el8
grafana-elasticsearch    0            6.7.4-3.el8
grafana-graphite         0            6.7.4-3.el8
grafana-influxdb         0            6.7.4-3.el8
grafana-loki             0            6.7.4-3.el8
grafana-mssql            0            6.7.4-3.el8
grafana-mysql            0            6.7.4-3.el8
grafana-opentsdb         0            6.7.4-3.el8
grafana-postgres         0            6.7.4-3.el8
grafana-prometheus       0            6.7.4-3.el8
grafana-stackdriver      0            6.7.4-3.el8