SUSE-SU-2020:1273-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20201273-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1273-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:1273-1
Published
2020-05-13T14:23:49Z
Modified
2020-05-13T14:23:49Z
Summary
Security update for grafana
Details

This update for grafana to version 4.6.5 fixes the following issues:

Security issues fixed:

  • CVE-2019-15043: Added authentication to a few REST endpoints (jsc#SOC-10357, bsc#1148383).
  • CVE-2018-19039: Fixed a file exfiltration vulnerability (jsc#SOC-9976, bsc#1115960).
  • CVE-2018-15727: Fixed an LDAP and OAuth login vulnerability (jsc#SOC-9980, bsc#1106515).
  • CVE-2018-12099: Fixed cross-site scripting vulnerabilities in dashboard links (bsc#1096985).
  • CVE-2019-13068: Fixed an HTML injection in the panel drilldown links (bsc#1139862).

Non-security issue fixed:

  • Fixed the wrongly categorized 'default.ini' file (bsc#1167424). The configuration file was wrongly classified as documentation instead of as a configuration file. On systems where the documentation isn't installed by default, it was not possible to start the 'grafana server' service.

Affected packages

SUSE:Enterprise Storage 5 / grafana

Package

Name
grafana
Purl
pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.5-3.10.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.6.5-3.10.1"
        }
    ]
}