An update that fixes 5 vulnerabilities, contains three
features is now available.

Description:

This update for grafana fixes the following issues:

Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):

– CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting
(bsc#1201535).
– CVE-2022-31107: Fixed OAuth account takeover vulnerability
(bsc#1201539).
– CVE-2022-21702: Fixed XSS through attacker-controlled data source
(bsc#1195726).
– CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
– CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2022-3765=1

– openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-3765=1

– SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765=1Read More