[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2022:3676-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":42,"duplicates":43,"related":44,"reserved_at":9,"published_at":59,"modified_at":60,"state":9,"summary":61,"references_raw":63,"kevs":184,"epss":9,"epss_history":185,"metrics":186,"affected":187},"SUSE-SU-2022:3676-1","Security update for grafana\n\nThis update for grafana fixes the following issues:\n\nUpdated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):    \n    \n- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).    \n- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).    \n- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).     \n- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).    \n- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).    \n- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).    \n- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).    \n- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).    \n- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).    \n- CVE-2021-41244: Fixed incorrect access control vulnerability(bsc#1192763).    \n- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).    \n- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).    \n- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).    \n- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).  \n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40],{"_key":15},"CVE-2021-36222",{"_key":17},"CVE-2021-3711",{"_key":19},"CVE-2021-41174",{"_key":21},"CVE-2021-41244",{"_key":23},"CVE-2021-43798",{"_key":25},"CVE-2021-43815",{"_key":27},"CVE-2022-21673",{"_key":29},"CVE-2022-21702",{"_key":31},"CVE-2022-21703",{"_key":33},"CVE-2022-21713",{"_key":35},"CVE-2022-31097",{"_key":37},"CVE-2022-31107",{"_key":39},"CVE-2022-35957",{"_key":41},"CVE-2022-36062",[],[],[45,46,47,48,49,50,51,52,53,54,55,56,57,58],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},"2022-10-20T11:40:04Z","2026-02-04T04:37:42.897768Z",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[64,70,75,79,83,87,91,95,99,103,107,111,115,119,123,127,132,136,140,144,148,152,156,160,164,168,172,176,180],{"url":65,"sources":66,"tags":68},"https://www.suse.com/support/update/announcement/2022/suse-su-20223676-1/",[67],"osv_suse",[69],"Advisory",{"url":71,"sources":72,"tags":73},"https://bugzilla.suse.com/1188571",[67],[74],"REPORT",{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/1189520",[67],[74],{"url":80,"sources":81,"tags":82},"https://bugzilla.suse.com/1192383",[67],[74],{"url":84,"sources":85,"tags":86},"https://bugzilla.suse.com/1192763",[67],[74],{"url":88,"sources":89,"tags":90},"https://bugzilla.suse.com/1193492",[67],[74],{"url":92,"sources":93,"tags":94},"https://bugzilla.suse.com/1193686",[67],[74],{"url":96,"sources":97,"tags":98},"https://bugzilla.suse.com/1194873",[67],[74],{"url":100,"sources":101,"tags":102},"https://bugzilla.suse.com/1195726",[67],[74],{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1195727",[67],[74],{"url":108,"sources":109,"tags":110},"https://bugzilla.suse.com/1195728",[67],[74],{"url":112,"sources":113,"tags":114},"https://bugzilla.suse.com/1201535",[67],[74],{"url":116,"sources":117,"tags":118},"https://bugzilla.suse.com/1201539",[67],[74],{"url":120,"sources":121,"tags":122},"https://bugzilla.suse.com/1203596",[67],[74],{"url":124,"sources":125,"tags":126},"https://bugzilla.suse.com/1203597",[67],[74],{"url":128,"sources":129,"tags":130},"https://www.suse.com/security/cve/CVE-2021-36222",[67],[131],"WEB",{"url":133,"sources":134,"tags":135},"https://www.suse.com/security/cve/CVE-2021-3711",[67],[131],{"url":137,"sources":138,"tags":139},"https://www.suse.com/security/cve/CVE-2021-41174",[67],[131],{"url":141,"sources":142,"tags":143},"https://www.suse.com/security/cve/CVE-2021-41244",[67],[131],{"url":145,"sources":146,"tags":147},"https://www.suse.com/security/cve/CVE-2021-43798",[67],[131],{"url":149,"sources":150,"tags":151},"https://www.suse.com/security/cve/CVE-2021-43815",[67],[131],{"url":153,"sources":154,"tags":155},"https://www.suse.com/security/cve/CVE-2022-21673",[67],[131],{"url":157,"sources":158,"tags":159},"https://www.suse.com/security/cve/CVE-2022-21702",[67],[131],{"url":161,"sources":162,"tags":163},"https://www.suse.com/security/cve/CVE-2022-21703",[67],[131],{"url":165,"sources":166,"tags":167},"https://www.suse.com/security/cve/CVE-2022-21713",[67],[131],{"url":169,"sources":170,"tags":171},"https://www.suse.com/security/cve/CVE-2022-31097",[67],[131],{"url":173,"sources":174,"tags":175},"https://www.suse.com/security/cve/CVE-2022-31107",[67],[131],{"url":177,"sources":178,"tags":179},"https://www.suse.com/security/cve/CVE-2022-35957",[67],[131],{"url":181,"sources":182,"tags":183},"https://www.suse.com/security/cve/CVE-2022-36062",[67],[131],[],[],[],[188],{"ecosystem":189,"name":190,"vendor":191,"product":192,"cpe_part":9,"purl_type":193,"purl_namespace":191,"purl_name":192,"source":9,"versions":194},"SUSE Linux Enterprise","grafana","suse","grafana&distro=SUSE Enterprise Storage 6","rpm",[195],{"version":196,"is_range":197,"range_type":198,"version_start":9,"version_start_type":9,"version_end":199,"version_end_type":200,"fixed_in":9},"lt8_5_13_150100_3_12_1",true,"ecosystem","8.5.13-150100.3.12.1","excluding"]