openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:1530-2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856257

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:1530-2)

Resumen: The remote host is missing an update for the 'grafana and mybatis' package(s) announced via the SUSE-SU-2024:1530-2 advisory.

Descripción: Summary:
The remote host is missing an update for the 'grafana and mybatis' package(s) announced via the SUSE-SU-2024:1530-2 advisory.

Vulnerability Insight:
This update for grafana and mybatis fixes the following issues:

grafana was updated to version 9.5.18:

- Grafana now requires Go 1.20
- Security issues fixed:

* CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)

- Other non-security related changes:

* Version 9.5.17:

+ [FEATURE] Alerting: Backport use Alertmanager API v2

* Version 9.5.16:

+ [BUGFIX] Annotations: Split cleanup into separate queries and
deletes to avoid deadlocks on MySQL

* Version 9.5.15:

+ [FEATURE] Alerting: Attempt to retry retryable errors

* Version 9.5.14:

+ [BUGFIX] Alerting: Fix state manager to not keep
datasource_uid and ref_id labels in state after Error
+ [BUGFIX] Transformations: Config overrides being lost when
config from query transform is applied
+ [BUGFIX] LDAP: Fix enable users on successfull login

* Version 9.5.13:

+ [BUGFIX] BrowseDashboards: Only remember the most recent
expanded folder
+ [BUGFIX] Licensing: Pass func to update env variables when
starting plugin

* Version 9.5.12:

+ [FEATURE] Azure: Add support for Workload Identity
authentication

* Version 9.5.9:

+ [FEATURE] SSE: Fix DSNode to not panic when response has empty
response
+ [FEATURE] Prometheus: Handle the response with different field
key order
+ [BUGFIX] LDAP: Fix user disabling

mybatis:

- `apache-commons-ognl` is now a non-optional dependency
- Fixed building with log4j v1 and v2 dependencies

Affected Software/OS:
'grafana and mybatis' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-6152
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
https://grafana.com/security/security-advisories/cve-2023-6152/
Common Vulnerability Exposure (CVE) ID: CVE-2024-1313
https://grafana.com/security/security-advisories/cve-2024-1313/

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856257
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:1530-2)
Resumen:	The remote host is missing an update for the 'grafana and mybatis' package(s) announced via the SUSE-SU-2024:1530-2 advisory.
Descripción:	Summary: The remote host is missing an update for the 'grafana and mybatis' package(s) announced via the SUSE-SU-2024:1530-2 advisory. Vulnerability Insight: This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) - Other non-security related changes: * Version 9.5.17: + [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: + [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied + [BUGFIX] LDAP: Fix enable users on successfull login * Version 9.5.13: + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder + [BUGFIX] Licensing: Pass func to update env variables when starting plugin * Version 9.5.12: + [FEATURE] Azure: Add support for Workload Identity authentication * Version 9.5.9: + [FEATURE] SSE: Fix DSNode to not panic when response has empty response + [FEATURE] Prometheus: Handle the response with different field key order + [BUGFIX] LDAP: Fix user disabling mybatis: - `apache-commons-ognl` is now a non-optional dependency - Fixed building with log4j v1 and v2 dependencies Affected Software/OS: 'grafana and mybatis' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6152 https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f https://grafana.com/security/security-advisories/cve-2023-6152/ Common Vulnerability Exposure (CVE) ID: CVE-2024-1313 https://grafana.com/security/security-advisories/cve-2024-1313/
Copyright	Copyright (C) 2024 Greenbone AG