Overview

File _patchinfo of Package patchinfo.28597

<patchinfo incident="28597">
  <issue tracker="bnc" id="1208819">VUL-0: CVE-2023-0594: grafana: stored XSS in TraceView panel</issue>
  <issue tracker="bnc" id="1208821">VUL-0: CVE-2023-0507: grafana: stored XSS in geomap panel plugin via attribution</issue>
  <issue tracker="bnc" id="1209645">VUL-0: CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip</issue>
  <issue tracker="cve" id="2023-1410"/>
  <issue tracker="cve" id="2023-0507"/>
  <issue tracker="cve" id="2023-0594"/>
  <packager>juliogonzalezgil</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for SUSE Manager Client Tools</summary>
  <description>This update fixes the following issues:

grafana version update from 8.5.20 to 8.5.22:

- Security issues fixed:
  * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
  * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
  * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)

- The following non-security bug was fixed:
  * Login: Fix panic when UpsertUser is called without ReqContext

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places