ALSA-2020:4682

[ALSA-2020:4682] Moderate: grafana security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)

Security Fix(es):

* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)

* grafana: arbitrary file read via MySQL data source (CVE-2019-19499)

* grafana: stored XSS (CVE-2020-11110)

* grafana: XSS annotation popup vulnerability (CVE-2020-12052)

* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)

* grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)

* grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)

* grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	grafana-prometheus-6.7.4-3.el8.x86_64.rpm	0c02c31ec3b25adbfbdcf07381492ee5ab1e8785e6c720f68d7c1b6a66aad45e
x86_64	grafana-elasticsearch-6.7.4-3.el8.x86_64.rpm	28142b8263b12377d54fc721c40627e2377813e7187307a3cd41bc8da81c502c
x86_64	grafana-stackdriver-6.7.4-3.el8.x86_64.rpm	3f058e69f074dcaf3708f589df9042d45dd63c36f7f873f0d21dbdb11f1b375a
x86_64	grafana-influxdb-6.7.4-3.el8.x86_64.rpm	4c451ecb0110fbbeff246a7677486c9f0af9979cbc368fc90b7f664717e65499
x86_64	grafana-mysql-6.7.4-3.el8.x86_64.rpm	5aa292e8638322196e0a181d76cb15826ddbc080924d25fd5dcfcbd3e8f56d58
x86_64	grafana-azure-monitor-6.7.4-3.el8.x86_64.rpm	6510ab1fad0167e0e7a2d6b0f20c6703f32482a344bae12d4fc6db034b9cc3f8
x86_64	grafana-cloudwatch-6.7.4-3.el8.x86_64.rpm	90f52b9d5a79cca87945c7d874f7c41df3cf87d2975a38a42bb6155728748c24
x86_64	grafana-opentsdb-6.7.4-3.el8.x86_64.rpm	91a4ee720fa0ae4f18b0476cf0bc8ffdf7cbba9c43c95de9a86c499097d33d23
x86_64	grafana-mssql-6.7.4-3.el8.x86_64.rpm	9907b385319886f9825aac007804930af8589dfdbb0b57cb4a14a3e4c731090a
x86_64	grafana-loki-6.7.4-3.el8.x86_64.rpm	d5f1d49c82be86fe4f992c6e69b894479de5dd2c50a163ac72e5456fa948991f
x86_64	grafana-6.7.4-3.el8.x86_64.rpm	e04f3102b5c67711ac1dd0afb6ebbdb0d7b115df9bd03c409cc40bd030241cd3
x86_64	grafana-postgres-6.7.4-3.el8.x86_64.rpm	e9a5ea828cd31cda6f7bdd424581693afddf4c4f849857d88c48a9636fef8879
x86_64	grafana-graphite-6.7.4-3.el8.x86_64.rpm	fa0591ddca9cbb7a4e2be92e19f102d84665f8206dde32da1827e884fa0b27cc

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.