Initial release of package grafana SUSE Patch security@suse.de SUSE Security Team SUSE-OU-2019:2023-1 Final 1 1 2019-07-30T14:48:01Z current 2019-07-30T14:48:01Z 2019-07-30T14:48:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Initial release of package grafana This update provides package grafana for SUSE Manager: SLE15 Client Tools The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/grafana:7.5.12-2019-2023,SUSE-2019-2023,SUSE-SLE-Manager-Tools-15-2019-2023 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ou-20192023-1/ Link for SUSE-OU-2019:2023-1 https://lists.suse.com/pipermail/sle-updates/2019-July/012151.html E-Mail link for SUSE-OU-2019:2023-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1044444 SUSE Bug 1044444 https://bugzilla.suse.com/1044933 SUSE Bug 1044933 https://bugzilla.suse.com/1115960 SUSE Bug 1115960 https://www.suse.com/security/cve/CVE-2018-19039/ SUSE CVE CVE-2018-19039 page Container caasp/v4/grafana:7.5.12 SUSE Manager Client Tools 15 grafana-6.2.1-1.3.1 grafana-6.2.1-1.3.1 as a component of Container caasp/v4/grafana:7.5.12 grafana-6.2.1-1.3.1 as a component of SUSE Manager Client Tools 15 Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. CVE-2018-19039 Container caasp/v4/grafana:7.5.12:grafana-6.2.1-1.3.1 SUSE Manager Client Tools 15:grafana-6.2.1-1.3.1 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ou-20192023-1/ https://www.suse.com/security/cve/CVE-2018-19039.html CVE-2018-19039 https://bugzilla.suse.com/1115960 SUSE Bug 1115960