pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2020-1966/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

143 lines
5.4 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201966",
"Version": "oval:org.altlinux.errata:def:20201966",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1966: package `grafana` update to version 6.7.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1966",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1966",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-03230",
"RefURL": "https://bdu.fstec.ru/vul/2020-03230",
"Source": "BDU"
},
{
"RefID": "CVE-2020-11110",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11110",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12052",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12052",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12245",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12458",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12458",
"Source": "CVE"
}
],
"Description": "This update upgrades grafana to version 6.7.3-alt1. \nSecurity Fix(es):\n\n * BDU:2020-03230: Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)\n\n * CVE-2020-11110: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.\n\n * CVE-2020-12052: Grafana version \u003c 6.7.3 is vulnerable for annotation popup XSS.\n\n * CVE-2020-12245: Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.\n\n * CVE-2020-12458: An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-05-15"
},
"Updated": {
"Date": "2020-05-15"
},
"BDUs": [
{
"ID": "BDU:2020-03230",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2020-03230",
"Impact": "Low",
"Public": "20200424"
}
],
"CVEs": [
{
"ID": "CVE-2020-11110",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11110",
"Impact": "Low",
"Public": "20200727"
},
{
"ID": "CVE-2020-12052",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12052",
"Impact": "Low",
"Public": "20200427"
},
{
"ID": "CVE-2020-12245",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245",
"Impact": "Low",
"Public": "20200424"
},
{
"ID": "CVE-2020-12458",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-732",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12458",
"Impact": "Low",
"Public": "20200429"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201966001",
"Comment": "grafana is earlier than 0:6.7.3-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink