{"id":"SUSE-SU-2023:0362-1","summary":"Security update for grafana","details":"This update for grafana fixes the following issues:\n\n- Version update from 8.5.13 to 8.5.15 (jsc#PED-2617):\n  * CVE-2022-39306: Security fix for privilege escalation (bsc#1205225)\n  * CVE-2022-39307: Omit error from http response when user does not exist (bsc#1205227)\n  * CVE-2022-39201: Do not forward login cookie in outgoing requests (bsc#1204303)\n  * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)\n  * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)\n  * CVE-2022-39229: Fix blocking other users from signing in (bsc#1204304)\n","modified":"2026-02-04T03:48:17.489381Z","published":"2023-02-10T14:15:47Z","related":["CVE-2022-31123","CVE-2022-31130","CVE-2022-39201","CVE-2022-39229","CVE-2022-39306","CVE-2022-39307"],"upstream":["CVE-2022-31123","CVE-2022-31130","CVE-2022-39201","CVE-2022-39229","CVE-2022-39306","CVE-2022-39307"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230362-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204302"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204303"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204305"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205225"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205227"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-31123"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-31130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39201"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39229"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39306"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-39307"}],"affected":[{"package":{"name":"grafana","ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP4","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.15-150200.3.32.1"}]}],"ecosystem_specific":{"binaries":[{"grafana":"8.5.15-150200.3.32.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0362-1.json"}},{"package":{"name":"grafana","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.15-150200.3.32.1"}]}],"ecosystem_specific":{"binaries":[{"grafana":"8.5.15-150200.3.32.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0362-1.json"}}],"schema_version":"1.7.3"}