Bug 1115960 - (CVE-2018-19039) VUL-0: CVE-2018-19039: grafana: users with Editor or Admin permissions can exfiltrate files
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Assigned To: E-Mail List
Security Team bot
https://smash.suse.de/issue/219235/
CVSSv2:NVD:CVE-2018-19039:4.0:(AV:N/A...
Reported: 2018-11-14 10:52 UTC by Robert Frohl
Modified: 2022-09-15 15:59 UTC (History)
Found By: Security Response Team
Description Robert Frohl 2018-11-14 10:52:04 UTC
rh#1649697


A security issue was found that could allow any users with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. Note that in order to exploit this you would need to be logged in to the system as a legitimate user with Editor or Admin permissions.

External References:

https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1649697
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19039
Comment 1 Robert Frohl 2018-11-14 14:41:40 UTC
Can someone look into this for Cloud7, Cloud8 and SES5 ?
Comment 9 Swamp Workflow Management 2019-07-11 09:20:21 UTC
This is an autogenerated message for OBS integration:
This bug (1115960) was mentioned in
https://build.opensuse.org/request/show/714594 Factory / grafana
Comment 13 Swamp Workflow Management 2019-07-30 19:11:08 UTC
SUSE-OU-2019:2022-1: An update that solves one vulnerability and has two fixes is now available.

Category: optional (low)
Bug References: 1044444,1044933,1115960
CVE References: CVE-2018-19039
Sources used:
SUSE Manager Tools 12 (src):    grafana-6.2.1-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-07-30 19:12:00 UTC
SUSE-OU-2019:2023-1: An update that solves one vulnerability and has two fixes is now available.

Category: optional (low)
Bug References: 1044444,1044933,1115960
CVE References: CVE-2018-19039
Sources used:
SUSE Manager Tools 15 (src):    grafana-6.2.1-1.3.1

Comment 15 Swamp Workflow Management 2019-08-05 19:10:32 UTC
SUSE-SU-2019:2046-1: An update that solves three vulnerabilities and has 14 fixes is now available.

Category: security (moderate)
Bug References: 1115960,1120657,1121530,1122053,1122825,1124170,1128453,1131712,1131791,1131899,1132542,1132654,1132832,1132852,1132853,1132860,1134336
CVE References: CVE-2018-19039,CVE-2019-10876,CVE-2019-11068
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5, crowbar-6.0+git.1561125496.b7508480-3.6.5, crowbar-core-6.0+git.1562154525.5e2983308-3.3.8, crowbar-ha-6.0+git.1560951093.4af1ee5-3.3.7, crowbar-openstack-6.0+git.1562153583.4735fcf34-3.3.7, documentation-suse-openstack-cloud-crowbar-deployment-9.20190621-3.3.7, documentation-suse-openstack-cloud-crowbar-operations-9.20190621-3.3.7, documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7, galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5, grafana-5.3.3-3.3.1, openstack-ceilometer-11.0.2~dev13-3.3.9, openstack-cinder-13.0.6~dev12-3.3.8, openstack-dashboard-14.0.4~dev4-3.3.8, openstack-designate-7.0.1~dev20-3.3.8, openstack-heat-11.0.3~dev5-3.3.8, openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8, openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7, openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8, openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9, openstack-ironic-11.1.4~dev2-3.3.9, openstack-ironic-python-agent-3.3.2~dev13-3.3.6, openstack-keystone-14.1.1~dev7-3.3.9, openstack-magnum-7.1.1~dev24-3.3.8, openstack-manila-7.3.1~dev2-4.3.8, openstack-monasca-agent-2.8.1~dev10-3.3.6, openstack-monasca-notification-1.14.1~dev8-6.3.6, openstack-neutron-13.0.4~dev89-3.3.7, openstack-neutron-fwaas-13.0.2~dev14-3.3.7, openstack-neutron-gbp-5.0.1~dev443-3.3.6, openstack-neutron-lbaas-13.0.1~dev12-3.3.7, openstack-neutron-vpnaas-13.0.2~dev4-3.3.7, openstack-nova-18.2.2~dev9-3.3.8, openstack-octavia-3.1.2~dev2-3.3.6, python-barbican-tempest-plugin-0.1.0-4.3.1, python-cinderclient-4.0.2-3.3.7, python-ironicclient-2.5.2-4.3.7, python-manila-tempest-plugin-0.1.0-3.3.5, python-manilaclient-1.24.2-3.3.7, python-os-brick-2.5.7-3.3.7, python-oslo.db-4.40.2-3.3.8, python-proliantutils-2.8.4-1.1, supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1
SUSE OpenStack Cloud 9 (src):    ardana-ansible-9.0+git.1560211997.7ac9792-3.3.5, ardana-barbican-9.0+git.1559292830.208d258-3.3.5, ardana-cassandra-9.0+git.1557220194.6a90deb-3.3.3, ardana-ceilometer-9.0+git.1557219517.7b97993-3.3.5, ardana-cinder-9.0+git.1559039284.6fc1d47-3.3.5, ardana-cluster-9.0+git.1557219586.7c96a6d-3.3.5, ardana-cobbler-9.0+git.1557219626.b190680-3.3.5, ardana-db-9.0+git.1560868957.42bcb70-3.3.5, ardana-designate-9.0+git.1558588538.9211022-3.3.5, ardana-glance-9.0+git.1559033522.5e5be1c-3.3.5, ardana-heat-9.0+git.1559036788.b727b53-3.3.5, ardana-horizon-9.0+git.1557219807.6036a8e-3.3.5, ardana-input-model-9.0+git.1557220534.883f8c9-3.3.5, ardana-installer-ui-9.0+git.1559171053.476225c-3.3.6, ardana-ironic-9.0+git.1560365077.17250c6-3.3.5, ardana-keystone-9.0+git.1559292289.b5ed172-3.3.5, ardana-logging-9.0+git.1557219914.6d7ebb5-3.3.5, ardana-magnum-9.0+git.1557219960.226e32b-3.3.5, ardana-manila-9.0+git.1556646861.58ce24f-3.3.5, ardana-memcached-9.0+git.1557219995.cd49525-3.3.5, ardana-monasca-9.0+git.1556731170.c8210e0-3.3.5, ardana-monasca-transform-9.0+git.1557220073.7e88cfa-3.3.5, ardana-mq-9.0+git.1560214193.fc0378b-3.3.5, ardana-neutron-9.0+git.1560464557.d2f6200-3.3.5, ardana-nova-9.0+git.1559869848.7a706df-3.3.5, ardana-octavia-9.0+git.1560519270.e0a2620-3.3.5, ardana-opsconsole-9.0+git.1553642196.ba23382-3.3.5, ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.3.7, ardana-osconfig-9.0+git.1560269313.7ddaff2-3.3.5, ardana-service-9.0+git.1560974342.47a5b12-3.3.5, ardana-service-ansible-9.0+git.1557220501.ebd3011-3.3.5, ardana-ses-9.0+git.1554740095.48252d3-3.3.5, ardana-spark-9.0+git.1557220247.e78d1c3-3.3.5, ardana-swift-9.0+git.1559038506.cc119d9-3.3.5, ardana-tempest-9.0+git.1560949748.f0bd816-3.3.5, ardana-tls-9.0+git.1557220381.5641a2e-3.3.5, caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5, documentation-suse-openstack-cloud-deployment-9.20190621-3.3.7, 
documentation-suse-openstack-cloud-operations-9.20190621-3.3.7, documentation-suse-openstack-cloud-security-9.20190621-3.3.7, documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7, galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5, grafana-5.3.3-3.3.1, openstack-ceilometer-11.0.2~dev13-3.3.9, openstack-cinder-13.0.6~dev12-3.3.8, openstack-dashboard-14.0.4~dev4-3.3.8, openstack-designate-7.0.1~dev20-3.3.8, openstack-heat-11.0.3~dev5-3.3.8, openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8, openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7, openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8, openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9, openstack-ironic-11.1.4~dev2-3.3.9, openstack-ironic-python-agent-3.3.2~dev13-3.3.6, openstack-keystone-14.1.1~dev7-3.3.9, openstack-magnum-7.1.1~dev24-3.3.8, openstack-manila-7.3.1~dev2-4.3.8, openstack-monasca-agent-2.8.1~dev10-3.3.6, openstack-monasca-notification-1.14.1~dev8-6.3.6, openstack-neutron-13.0.4~dev89-3.3.7, openstack-neutron-fwaas-13.0.2~dev14-3.3.7, openstack-neutron-gbp-5.0.1~dev443-3.3.6, openstack-neutron-lbaas-13.0.1~dev12-3.3.7, openstack-neutron-vpnaas-13.0.2~dev4-3.3.7, openstack-nova-18.2.2~dev9-3.3.8, openstack-octavia-3.1.2~dev2-3.3.6, python-ardana-configurationprocessor-9.0+git.1558039547.f0d0ddf-3.4.1, python-barbican-tempest-plugin-0.1.0-4.3.1, python-cinderclient-4.0.2-3.3.7, python-cinderlm-0.0.2+git.1541454501.6148725-3.3.5, python-ironicclient-2.5.2-4.3.7, python-manila-tempest-plugin-0.1.0-3.3.5, python-manilaclient-1.24.2-3.3.7, python-os-brick-2.5.7-3.3.7, python-oslo.db-4.40.2-3.3.8, python-proliantutils-2.8.4-1.1, supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1, venv-openstack-barbican-7.0.1~dev18-3.2.1, venv-openstack-cinder-13.0.6~dev12-3.2.1, venv-openstack-designate-7.0.1~dev20-3.3.1, venv-openstack-glance-17.0.1~dev16-3.3.1, venv-openstack-heat-11.0.3~dev5-3.3.1, venv-openstack-horizon-14.0.4~dev4-4.3.2, 
venv-openstack-ironic-11.1.4~dev2-4.3.2, venv-openstack-keystone-14.1.1~dev7-3.3.1, venv-openstack-magnum-7.1.1~dev24-4.3.2, venv-openstack-manila-7.3.1~dev2-3.3.1, venv-openstack-monasca-2.7.1~dev10-3.3.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.3.1, venv-openstack-neutron-13.0.4~dev89-6.3.1, venv-openstack-nova-18.2.2~dev9-3.3.1, venv-openstack-octavia-3.1.2~dev2-4.3.1, venv-openstack-sahara-9.0.2~dev9-3.3.1

Comment 16 Joseph Davis 2019-09-09 16:05:50 UTC
@Robert Can you agree that this has been addressed and can be closed?

https://build.suse.de/package/show/Devel:Cloud:9/grafana shows SOC 9 was updated to 5.3.3
https://build.suse.de/package/show/Devel:Cloud:8/grafana is 4.6.5 as is https://build.suse.de/package/show/Devel:Cloud:7/grafana
Comment 17 Swamp Workflow Management 2019-10-15 16:17:47 UTC
SUSE-SU-2019:2671-1: An update that solves 6 vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1019074,1052286,1106515,1108033,1115960,1118159,1118900,1120657,1127558,1128954,1128987,1131053,1131961,1132860,1133719,1133722,1136784,1143475,1145796,1145867,1148383,1150895,1152916
CVE References: CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-15043,CVE-2019-5477
Sources used:
SUSE OpenStack Cloud 7 (src):    crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1, grafana-4.6.5-1.11.2, novnc-1.0.0-12.1, openstack-keystone-10.0.3~dev9-7.18.2, openstack-keystone-doc-10.0.3~dev9-7.18.2, openstack-neutron-9.4.2~dev21-7.32.1, openstack-neutron-doc-9.4.2~dev21-7.32.1, openstack-neutron-lbaas-9.2.2~dev11-4.18.3, openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3, openstack-nova-14.0.11~dev13-4.34.3, openstack-nova-doc-14.0.11~dev13-4.34.2, openstack-tempest-12.2.1~a0~dev177-4.6.3, python-pysaml2-4.0.2-3.11.3, python-urllib3-1.16-3.9.2, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3
SUSE Enterprise Storage 4 (src):    crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3

Comment 18 Swamp Workflow Management 2019-10-30 20:16:41 UTC
SUSE-SU-2019:2867-1: An update that solves 11 vulnerabilities and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1019074,1096985,1106515,1115960,1116846,1118900,1120657,1125893,1126088,1132593,1132666,1136035,1141121,1141676,1143215,1145796,1146578,1148158,1148383,1150895,917802
CVE References: CVE-2015-3448,CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-13611,CVE-2019-15043,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628,CVE-2019-5477
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    crowbar-core-5.0+git.1569597589.1f025c557-3.32.2, crowbar-ha-5.0+git.1567673535.607aada-3.26.2, crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2, crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, rubygem-easy_diff-1.0.0-3.4.2
SUSE OpenStack Cloud 8 (src):    ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, 
venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2
HPE Helion Openstack 8 (src):    ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-hpe-helion-openstack-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-hpe-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, 
venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2

Comment 21 Marcus Meissner 2020-03-25 06:25:31 UTC
ses5 is eol, rest is released
Comment 22 Marcus Meissner 2020-03-25 12:40:16 UTC
ses5 is NOT EOL. sorry for this.

as far as I see however Grafana is not that relevant for SES5, so we can skip it
Comment 24 Swamp Workflow Management 2020-05-13 19:16:05 UTC
SUSE-SU-2020:1273-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1096985,1106515,1115960,1139862,1148383,1167424
CVE References: CVE-2018-12099,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-13068,CVE-2019-15043
Sources used:
SUSE Enterprise Storage 5 (src):    grafana-4.6.5-3.10.1

Comment 26 OBSbugzilla Bot 2020-09-30 17:50:19 UTC
This is an autogenerated message for OBS integration:
This bug (1115960) was mentioned in
https://build.opensuse.org/request/show/838812 Backports:SLE-15 / grafana
https://build.opensuse.org/request/show/838813 Backports:SLE-15-SP1 / grafana
Comment 27 Swamp Workflow Management 2020-10-04 16:15:40 UTC
openSUSE-SU-2020:1611-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1044444,1044933,1115960,1170557
CVE References: CVE-2018-19039,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP1 (src):    grafana-7.1.5-bp151.2.1
Comment 30 Swamp Workflow Management 2021-06-11 16:26:15 UTC
SUSE-SU-2021:1962-1: An update that fixes 23 vulnerabilities, contains two features is now available.

Category: security (moderate)
Bug References: 1044849,1048688,1115960,1148383,1170657,1171909,1172409,1172450,1174583,1178243,1179805,1181277,1181278,1181689,1181690,1182317,1182433,1183174,1183803,1184148,1185623,1186608,1186611
CVE References: CVE-2017-11481,CVE-2017-11499,CVE-2018-18623,CVE-2018-18624,CVE-2018-18625,CVE-2018-19039,CVE-2019-15043,CVE-2019-25025,CVE-2020-10743,CVE-2020-11110,CVE-2020-12052,CVE-2020-13379,CVE-2020-17516,CVE-2020-24303,CVE-2020-29651,CVE-2021-21238,CVE-2021-21239,CVE-2021-23336,CVE-2021-27358,CVE-2021-28658,CVE-2021-31542,CVE-2021-33203,CVE-2021-33571
JIRA References: SOC-10357,SOC-11453
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    cassandra-3.11.10-3.3.3, crowbar-openstack-6.0+git.1616146717.a89ae0f4e-3.34.4, grafana-6.7.4-3.23.2, kibana-4.6.6-4.9.2, openstack-dashboard-14.1.1~dev11-3.24.6, openstack-ironic-11.1.5~dev17-3.25.5, openstack-neutron-13.0.8~dev164-3.37.4, openstack-neutron-gbp-12.0.1~dev29-3.25.3, openstack-nova-18.3.1~dev82-3.37.6, python-Django1-1.11.29-3.25.1, python-elementpath-1.3.1-1.3.2, python-py-1.5.4-3.3.2, python-pysaml2-4.5.0-4.6.2, python-xmlschema-1.0.18-1.3.2, rubygem-activerecord-session_store-0.1.2-4.3.2
SUSE OpenStack Cloud 9 (src):    ardana-neutron-9.0+git.1615223676.777f0b3-3.25.2, ardana-swift-9.0+git.1618235096.90974ed-3.10.2, cassandra-3.11.10-3.3.3, grafana-6.7.4-3.23.2, kibana-4.6.6-4.9.2, openstack-dashboard-14.1.1~dev11-3.24.6, openstack-ironic-11.1.5~dev17-3.25.5, openstack-neutron-13.0.8~dev164-3.37.4, openstack-neutron-gbp-12.0.1~dev29-3.25.3, openstack-nova-18.3.1~dev82-3.37.6, python-Django1-1.11.29-3.25.1, python-elementpath-1.3.1-1.3.2, python-py-1.5.4-3.3.2, python-pysaml2-4.5.0-4.6.2, python-xmlschema-1.0.18-1.3.2, venv-openstack-barbican-7.0.1~dev24-3.23.1, venv-openstack-cinder-13.0.10~dev20-3.26.1, venv-openstack-designate-7.0.2~dev2-3.23.1, venv-openstack-glance-17.0.1~dev30-3.21.1, venv-openstack-heat-11.0.4~dev4-3.23.1, venv-openstack-horizon-14.1.1~dev11-4.27.3, venv-openstack-ironic-11.1.5~dev17-4.21.2, venv-openstack-keystone-14.2.1~dev4-3.24.3, venv-openstack-magnum-7.2.1~dev1-4.23.1, venv-openstack-manila-7.4.2~dev60-3.29.1, venv-openstack-monasca-2.7.1~dev10-3.21.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.23.2, venv-openstack-neutron-13.0.8~dev164-6.27.3, venv-openstack-nova-18.3.1~dev82-3.27.3, venv-openstack-octavia-3.2.3~dev7-4.23.1, venv-openstack-sahara-9.0.2~dev15-3.23.1, venv-openstack-swift-2.19.2~dev48-2.18.1
