SUSE: 2025:0545-1 moderate: grafana authentication bypass

February 14, 2025
Moderate-rated Grafana security update for SUSE: fixes five CVEs, including an authentication bypass via Azure AD OAuth, by moving the package from the 9.5 series to 10.4.13 (which also brings version 10 behaviour changes).
* bsc#1212641 * bsc#1219912 * bsc#1231024 * bsc#1234554 * bsc#1236301

Summary

This update for grafana fixes the following issues:

grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591, jsc#PED-11649):

* Security issues fixed:
  * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto (bsc#1234554)
  * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641)
  * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
  * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301)
  * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024)
* Potential breaking changes in version 10:
  * In panels using the `extract fields` transformation, where one of the extracted names collides with one of the already existing fields, the
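Because this advisory ships a full version jump rather than a backported patch, the practical check on a SUSE host is whether the installed grafana package is at or above 10.4.13. The script below is an added example, not part of the SUSE advisory or the Grafana project: it compares the rpm-reported version against that fixed version with a small dotted-version comparator (awk-based, so it works in plain sh without relying on `sort -V`). The function names, the `GRAFANA_CHECK_SOURCE_ONLY` variable and the `FIXED_VERSION` constant are this example's own assumptions; the 10.4.13 threshold comes from the summary above and only applies to this advisory.

```shell
#!/bin/sh
# Added example (not SUSE's or Grafana's code): report whether the installed
# grafana rpm is at or above the version this advisory ships (10.4.13).
# Assumption: the version string is a dotted numeric sequence as rpm reports it.

FIXED_VERSION="10.4.13"   # from the advisory summary; valid for this update only

# vercmp A B: prints 0 if A == B, 1 if A > B, 2 if A < B.
# Components are compared numerically; a missing component counts as 0,
# so 11.0 is treated as 11.0.0 and compares greater than 10.4.13.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            xi = (i <= n) ? x[i] + 0 : 0   # "+ 0" drops any non-numeric suffix
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) { print 1; exit }
            if (xi < yi) { print 2; exit }
        }
        print 0
    }'
}

# grafana_is_fixed VERSION: true (exit 0) when VERSION >= FIXED_VERSION.
grafana_is_fixed() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" != "2" ]
}

# classify_version VERSION: prints FIXED, VULNERABLE or NOT_INSTALLED (empty input).
classify_version() {
    if [ -z "$1" ]; then
        echo "NOT_INSTALLED"
    elif grafana_is_fixed "$1"; then
        echo "FIXED"
    else
        echo "VULNERABLE"
    fi
}

# installed_grafana_version: the rpm VERSION tag of the grafana package, or
# nothing when the package is absent (rpm's error output is discarded).
installed_grafana_version() {
    rpm -q --qf '%{VERSION}\n' grafana 2>/dev/null
}

# report_grafana_status: human-readable one-liner; always returns 0 so the
# script can be sourced safely. Use grafana_is_fixed for a boolean check.
report_grafana_status() {
    v=$(installed_grafana_version)
    case "$(classify_version "$v")" in
        FIXED)         echo "grafana $v: at or above $FIXED_VERSION (SUSE-SU-2025:0545-1 applied)" ;;
        VULNERABLE)    echo "grafana $v: below $FIXED_VERSION, apply SUSE-SU-2025:0545-1 (zypper patch)" ;;
        NOT_INSTALLED) echo "grafana: package not installed" ;;
    esac
    return 0
}

# Run the report when executed directly; set GRAFANA_CHECK_SOURCE_ONLY=1 to
# load only the functions (for example from another audit script).
if [ -z "${GRAFANA_CHECK_SOURCE_ONLY:-}" ]; then
    report_grafana_status
fi
```

The comparison is deliberately tied to this advisory's fixed version: on distributions that backport fixes without bumping the upstream version, an rpm version check is not sufficient and the package release or changelog must be consulted instead.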

References

* bsc#1212641

* bsc#1219912

* bsc#1231024

* bsc#1234554

* bsc#1236301

* jsc#MSQA-914

* jsc#PED-11591

* jsc#PED-11649

Cross-References

* CVE-2023-3128

* CVE-2023-6152

* CVE-2024-45337

* CVE-2024-6837

* CVE-2024-8118

CVSS scores:

* CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

* CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

* CVE-2023-3128 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

* CVE-2023-6152 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Announcement ID: SUSE-SU-2025:0545-1
Release Date: 2025-02-14T07:24:23Z
Rating: moderate
