SUSE-SU-2023:0362-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20230362-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0362-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:0362-1
- Upstream
- Related
- Published
- 2023-02-10T14:15:47Z
- Modified
- 2025-05-08T17:30:02.716858Z
- Summary
- Security update for grafana
- Details
-
This update for grafana fixes the following issues:
- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
- CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)
- CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
- CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)
- CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
- CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
- CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)
- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20230362-1/
- https://bugzilla.suse.com/1204302
- https://bugzilla.suse.com/1204303
- https://bugzilla.suse.com/1204304
- https://bugzilla.suse.com/1204305
- https://bugzilla.suse.com/1205225
- https://bugzilla.suse.com/1205227
- https://www.suse.com/security/cve/CVE-2022-31123
- https://www.suse.com/security/cve/CVE-2022-31130
- https://www.suse.com/security/cve/CVE-2022-39201
- https://www.suse.com/security/cve/CVE-2022-39229
- https://www.suse.com/security/cve/CVE-2022-39306
- https://www.suse.com/security/cve/CVE-2022-39307
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP4 / grafana
Package
- Name
- grafana
- Purl
- pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4