Update Info


Security update for grafana

Type: security
Severity: moderate
Issued: 2023-02-10
This update for grafana fixes the following issues:

- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):
  * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)
  * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
  * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)
  * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
  * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
  * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)



  • grafana-8.5.15-150200.3.32.1