RHSA-2020:4682-01 -- CentOS grafana
ID: oval:org.secpod.oval:def:67993 | Date: (C)2020-12-23 (M)2023-03-08 |
Class: PATCH | Family: unix |
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

The following packages have been upgraded to a later upstream version: grafana.

Security Fix:
* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
* grafana: arbitrary file read via MySQL data source
* grafana: stored XSS
* grafana: XSS annotation popup vulnerability
* grafana: XSS via column.title or cellLinkTooltip
* grafana: information disclosure through world-readable /var/lib/grafana/grafana.db
* grafana: information disclosure through world-readable grafana configuration files
* grafana: XSS via the OpenTSDB datasource

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the CentOS 8.3 Release Notes linked from the References section.