Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.27398
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.27398
<patchinfo incident="27398"> <issue tracker="bnc" id="1204304">VUL-0: CVE-2022-39229: grafana: using email as a username can block other users from signing in</issue> <issue tracker="bnc" id="1204303">VUL-0: CVE-2022-39201: grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins</issue> <issue tracker="bnc" id="1205225">VUL-0: CVE-2022-39306: grafana: email addresses and usernames cannot be trusted</issue> <issue tracker="bnc" id="1204305">VUL-0: CVE-2022-31130: grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins</issue> <issue tracker="bnc" id="1205227">VUL-0: CVE-2022-39307: grafana: user enumeration via forget password</issue> <issue tracker="bnc" id="1204302">VUL-0: CVE-2022-31123: grafana: plugin signature bypass</issue> <issue tracker="cve" id="2022-39307"/> <issue tracker="cve" id="2022-31130"/> <issue tracker="cve" id="2022-39229"/> <issue tracker="cve" id="2022-39306"/> <issue tracker="cve" id="2022-39201"/> <issue tracker="cve" id="2022-31123"/> <packager>juliogonzalezgil</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for grafana</summary> <description>This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor