SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1904

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1904

Security update for grafana

Type: security

Severity: important

Issued: 2023-04-19

Description:

This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues:

- Security issues fixed:
  * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
  * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
  * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)

- The following non-security bug was fixed:
  * Login: Fix panic when UpsertUser is called without ReqContext

References

CVE: CVE-2023-1410
CVE: CVE-2023-0594
CVE: CVE-2023-0507
Bugzilla: 1209645 VUL-0: CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip
Bugzilla: 1208821 VUL-0: CVE-2023-0507: grafana: stored XSS in geomap panel plugin via attribution
Bugzilla: 1208819 VUL-0: CVE-2023-0594: grafana: stored XSS in TraceView panel

Packages

grafana-8.5.22-150200.3.38.1