
SUSE: 2020:1273-1 Moderate: Grafana Security Issues Fixed

May 13, 2020
SUSE has released an important security patch for grafana, tackling multiple urgent vulnerabilities such as authentication flaws and data exfiltration risks.
An update that fixes 6 vulnerabilities is now available.

Summary

This update for grafana to version 4.6.5 fixes the following issues:

Security issues fixed:

- CVE-2019-15043: Added authentication to a few rest endpoints (jsc#SOC-10357, bsc#1148383).
- CVE-2018-19039: Fixed File Exfiltration vulnerability (jsc#SOC-9976 bsc#1115960).
- CVE-2018-15727: Fixed an LDAP and OAuth login vulnerability (jsc#SOC-9980 bsc#1106515).
- CVE-2018-12099: Fixed cross site scripting vulnerabilities in dashboard links (bsc#1096985).
- CVE-2019-13068: Fixed an HTML injection in the panel drilldown links (bsc#1139862).

Non-security issue fixed:

- Solve wrongly categorized "default.ini" file. (bsc#1167424) The configuration file was wrongly classified as documentation instead of configuration file. In systems where the documentation isn't installed

References

#1096985 #1106515 #1115960 #1139862 #1148383 #1167424

Cross-References: CVE-2018-12099 CVE-2018-15727 CVE-2018-19039 CVE-2018-558213 CVE-2019-13068 CVE-2019-15043

Affected Products:

SUSE Enterprise Storage 5

https://www.suse.com/security/cve/CVE-2018-12099.html

https://www.suse.com/security/cve/CVE-2018-15727.html

https://www.suse.com/security/cve/CVE-2018-19039.html

https://www.suse.com/security/cve/CVE-2018-558213.html

https://www.suse.com/security/cve/CVE-2019-13068.html

https://www.suse.com/security/cve/CVE-2019-15043.html

https://bugzilla.suse.com/1096985

https://bugzilla.suse.com/1106515

https://bugzilla.suse.com/1115960

https://bugzilla.suse.com/1139862

https://bugzilla.suse.com/1148383

https://bugzilla.suse.com/1167424

Announcement ID: SUSE-SU-2020:1273-1
Rating: moderate
