File _patchinfo of Package patchinfo.26215

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.26215

<patchinfo incident="26215">
  <issue tracker="bnc" id="1201539">VUL-0: CVE-2022-31107: grafana: OAuth account takeover</issue>
  <issue tracker="bnc" id="1201535">VUL-0: CVE-2022-31097: grafana: stored XSS vulnerability</issue>
  <issue tracker="bnc" id="1195726">VUL-0: CVE-2022-21702: grafana: XSS through attacker-controlled data source</issue>
  <issue tracker="bnc" id="1195727">VUL-0: CVE-2022-21703: grafana: Cross Site Request Forgery</issue>
  <issue tracker="bnc" id="1195728">VUL-0: CVE-2022-21713: grafana: Teams API IDOR</issue>
  <issue tracker="cve" id="2022-31097"/>
  <issue tracker="cve" id="2022-31107"/>
  <issue tracker="cve" id="2022-21702"/>
  <issue tracker="cve" id="2022-21703"/>
  <issue tracker="cve" id="2022-21713"/>
  <issue tracker="jsc" id="SLE-24565"/>
  <issue tracker="jsc" id="SLE-23422"/>
  <issue tracker="jsc" id="SLE-23439"/>
  <category>security</category>
  <rating>important</rating>
  <packager>deneb_alpha</packager>
  <summary>Security update for grafana</summary>
  <description>This update for grafana fixes the following issues:

Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):

- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
  - CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).
  - CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).
  - CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
  - CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).

</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.26215

Places