SUSE-SU-2022:3676-1

Advisory lineage: upstream 14, downstream 0
Published: 20 Oct 2022, 11:40
Last modified: 04 Feb 2026, 04:37

Vulnerability Summary

  • Overall risk (default): minimal, 0/100
  • CVSS score: no data
  • EPSS score: no data
  • KEV: not listed
  • Ransomware: no reports
  • Public exploits: none found
  • Dark web: not detected


Description

Security update for grafana

This update for grafana fixes the following issues:

Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):

  • CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
  • CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
  • CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
  • CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
  • CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
  • CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
  • CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
  • CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
  • CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
  • CVE-2021-41244: Fixed incorrect access control vulnerability (bsc#1192763).
  • CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
  • CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
  • CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
  • CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).

Affected Systems

  • grafana on SUSE Enterprise Storage 6: versions < 8.5.13-150100.3.12.1
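A practical check that goes with the Affected Systems entry above, added here as an example and not part of the SUSE advisory or of grafana: it compares the installed grafana package's epoch:version-release against the fixed build using a Python port of rpm's rpmvercmp(), so that a release such as 150100.3.9.1 sorts below 150100.3.12.1 the way rpm and zypper sort it rather than as a plain string. The `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n'` query is standard rpm; the sample output below is constructed, and when rpm is not present the script falls back to that sample. The fixed EVR is specific to the SUSE Enterprise Storage 6 build named on this page; other SUSE products ship their own release strings, so compare against the EVR from the advisory for the product you actually run.

```python
"""Is the installed grafana package older than the fixed build in this advisory?

Added example, not part of the SUSE advisory or of grafana. It ports rpm's
rpmvercmp() to Python so that a release string such as 150100.3.12.1 is
compared segment by segment the way rpm and zypper compare it.
"""
import re
import shutil
import subprocess

# Fixed EVR from the advisory's "Affected Systems" entry (no epoch set).
FIXED_EVR = "8.5.13-150100.3.12.1"

# Constructed sample of `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' grafana`
# on a host that has not applied the patch; rpm prints "(none)" for an unset epoch.
SAMPLE_RPM_OUTPUT = "(none):8.5.9-150100.3.9.1"


def _significant(c: str) -> bool:
    """rpm only looks at ASCII alphanumerics, '~' and '^'; anything else is a separator."""
    return (c.isascii() and c.isalnum()) or c in "~^"


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpmvercmp(): -1, 0 or 1 as a is older than, equal to, or newer than b."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        while one and not _significant(one[0]):
            one = one[1:]
        while two and not _significant(two[0]):
            two = two[1:]
        # '~' sorts before everything, including end of string (1.0~rc1 < 1.0).
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        # '^' sorts after end of string but before anything else (1.0 < 1.0^post1 < 1.0.1).
        if one.startswith("^") or two.startswith("^"):
            if not one:
                return -1
            if not two:
                return 1
            if not one.startswith("^"):
                return 1
            if not two.startswith("^"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        # Take the next segment of the same type (all digits or all letters) from both sides.
        if one[0].isdigit():
            seg1, seg2, isnum = re.match(r"[0-9]+", one).group(), re.match(r"[0-9]*", two).group(), True
        else:
            seg1, seg2, isnum = re.match(r"[A-Za-z]+", one).group(), re.match(r"[A-Za-z]*", two).group(), False
        one, two = one[len(seg1):], two[len(seg2):]
        if not seg2:
            # Mixed types: a numeric segment is newer than an alphabetic one.
            return 1 if isnum else -1
        if isnum:
            # Numeric segments compare by value: drop leading zeros, then longer wins.
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return 1 if one else -1  # whichever side still has characters left is newer


def parse_evr(evr: str):
    """Split 'epoch:version-release' into its parts; a missing or '(none)' epoch is 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings the way rpm does: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def is_affected(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed build is older than the advisory's fixed build."""
    return evr_cmp(installed_evr, fixed_evr) < 0


def installed_evr(package: str = "grafana"):
    """Query the local rpm database; None when rpm is missing or the package is not installed."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", package],
        capture_output=True, text=True, check=False,
    )
    lines = proc.stdout.splitlines()
    return lines[0].strip() if proc.returncode == 0 and lines else None


if __name__ == "__main__":
    # Falls back to the constructed sample when rpm is unavailable (e.g. off-box).
    evr = installed_evr() or SAMPLE_RPM_OUTPUT
    state = "AFFECTED" if is_affected(evr) else "not affected"
    print(f"grafana {evr} vs fixed {FIXED_EVR}: {state}")
```

The tilde and caret rules matter for pre-release and post-release builds: a hypothetical 8.5.13~rc1 build is still reported as affected because rpm sorts it below 8.5.13, while a higher epoch wins outright regardless of version.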
