SUSE-SU-2020:1273-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:1273-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:1273-1
- Related
- Published
- 2020-05-13T14:23:49Z
- Modified
- 2020-05-13T14:23:49Z
- Summary
- Security update for grafana
- Details
-
This update for grafana to version 4.6.5 fixes the following issues:
Security issues fixed:
- CVE-2019-15043: Added authentication to a few rest endpoints (jsc#SOC-10357, bsc#1148383).
- CVE-2018-19039: Fixed File Exfiltration vulnerability (jsc#SOC-9976 bsc#1115960).
- CVE-2018-15727: Fixed an LDAP and OAuth login vulnerability (jsc#SOC-9980 bsc#1106515).
- CVE-2018-12099: Fixed cross site scripting vulnerabilities in dashboard links (bsc#1096985).
- CVE-2019-13068: Fixed an HTML injection in the panel drilldown links (bsc#1139862).
Non-security issue fixed:
- Solve wrongly categorized 'default.ini' file. (bsc#1167424) The configuration file was wrongly classified as documentation instead of configuration file. In systems where the documentation isn't installed by default was not possible to start the 'grafana server' service.
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20201273-1/
- https://bugzilla.suse.com/1096985
- https://bugzilla.suse.com/1106515
- https://bugzilla.suse.com/1115960
- https://bugzilla.suse.com/1139862
- https://bugzilla.suse.com/1148383
- https://bugzilla.suse.com/1167424
- https://www.suse.com/security/cve/CVE-2018-12099
- https://www.suse.com/security/cve/CVE-2018-15727
- https://www.suse.com/security/cve/CVE-2018-19039
- https://www.suse.com/security/cve/CVE-2018-558213
- https://www.suse.com/security/cve/CVE-2019-13068
- https://www.suse.com/security/cve/CVE-2019-15043