rpm package
suse/kiwi-desc-saltboot&distro=SUSE Manager Client Tools 12
pkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28370 | — | < 0.1.1687520761.cefb248-1.35.2 | 0.1.1687520761.cefb248-1.35.2 | May 25, 2023 | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. | ||
| CVE-2022-39307 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Nov 9, 2022 | Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” m | ||
| CVE-2022-39306 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Nov 9, 2022 | Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the o | ||
| CVE-2022-39229 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Oct 13, 2022 | Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are | ||
| CVE-2022-39201 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Oct 13, 2022 | Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints un | ||
| CVE-2022-31130 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Oct 13, 2022 | Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoint | ||
| CVE-2022-31123 | — | < 0.1.1673279145.e7616bd-1.32.1 | 0.1.1673279145.e7616bd-1.32.1 | Oct 13, 2022 | Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though uns | ||
| CVE-2022-31107 | — | < 0.1.1661440542.6cbe0da-1.29.1 | 0.1.1661440542.6cbe0da-1.29.1 | Jul 15, 2022 | Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove | ||
| CVE-2022-31097 | — | < 0.1.1661440542.6cbe0da-1.29.1 | 0.1.1661440542.6cbe0da-1.29.1 | Jul 15, 2022 | Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability | ||
| CVE-2022-21698 | — | < 0.1.1661440542.6cbe0da-1.29.1 | 0.1.1661440542.6cbe0da-1.29.1 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde | ||
| CVE-2019-10136 | — | < 0.1.1564399963.cf19a13-1.12.1 | 0.1.1564399963.cf19a13-1.12.1 | Jul 2, 2019 | It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. |
- CVE-2023-28370May 25, 2023affected < 0.1.1687520761.cefb248-1.35.2fixed 0.1.1687520761.cefb248-1.35.2
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
- CVE-2022-39307Nov 9, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” m
- CVE-2022-39306Nov 9, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the o
- CVE-2022-39229Oct 13, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are
- CVE-2022-39201Oct 13, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints un
- CVE-2022-31130Oct 13, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoint
- CVE-2022-31123Oct 13, 2022affected < 0.1.1673279145.e7616bd-1.32.1fixed 0.1.1673279145.e7616bd-1.32.1
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though uns
- CVE-2022-31107Jul 15, 2022affected < 0.1.1661440542.6cbe0da-1.29.1fixed 0.1.1661440542.6cbe0da-1.29.1
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove
- CVE-2022-31097Jul 15, 2022affected < 0.1.1661440542.6cbe0da-1.29.1fixed 0.1.1661440542.6cbe0da-1.29.1
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability
- CVE-2022-21698Feb 15, 2022affected < 0.1.1661440542.6cbe0da-1.29.1fixed 0.1.1661440542.6cbe0da-1.29.1
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde
- CVE-2019-10136Jul 2, 2019affected < 0.1.1564399963.cf19a13-1.12.1fixed 0.1.1564399963.cf19a13-1.12.1
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.