SUSE-SU-2023:0362-1
Advisory lineage Upstream: 6 Downstream: 0
Published: 10 Feb 2023, 14:15
Last modified:04 Feb 2026, 03:48
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Feb 2023, 14:15
Published
Vulnerability first disclosed
04 Feb 2026, 03:48
Last Modified
Vulnerability information updated
Description
Security update for grafana This update for grafana fixes the following issues: - Version update from 8.5.13 to 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)
Affected Systems
- opensuse•grafana&distro=openSUSE Leap 15.4
< 8.5.15-150200.3.32.1
- suse•grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP4
< 8.5.15-150200.3.32.1
References (13)
- https://www.suse.com/support/update/announcement/2023/suse-su-20230362-1/
- https://bugzilla.suse.com/1204302
- https://bugzilla.suse.com/1204303
- https://bugzilla.suse.com/1204304
- https://bugzilla.suse.com/1204305
- https://bugzilla.suse.com/1205225
- https://bugzilla.suse.com/1205227
- https://www.suse.com/security/cve/CVE-2022-31123
- https://www.suse.com/security/cve/CVE-2022-31130
- https://www.suse.com/security/cve/CVE-2022-39201
- https://www.suse.com/security/cve/CVE-2022-39229
- https://www.suse.com/security/cve/CVE-2022-39306
- https://www.suse.com/security/cve/CVE-2022-39307