grafana-9.4.7-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12855 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z grafana-9.4.7-1.1 on GA media These are all security issues fixed in the grafana-9.4.7-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12855 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12855 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-1410/ SUSE CVE CVE-2023-1410 page openSUSE Tumbleweed grafana-9.4.7-1.1 grafana-9.4.7-1.1 as a component of openSUSE Tumbleweed Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. CVE-2023-1410 openSUSE Tumbleweed:grafana-9.4.7-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1410.html CVE-2023-1410 https://bugzilla.suse.com/1209645 SUSE Bug 1209645