openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:0525-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.18.2.2025.0525.1

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2025:0525-1)

Zusammenfassung: The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2025:0525-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2025:0525-1 advisory.

Vulnerability Insight:
+ Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.
* For a detailed list of changes consult the package changelog or
[link moved to references]

grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649):

- Security issues fixed:
* CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading
golang.org/x/crypto (bsc#1234554)
* CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
* CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301)
* CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024)

- Potential breaking changes in version 10:
* In panels using the `extract fields` transformation, where one
of the extracted names collides with one of the already
existing ields, the extracted field will be renamed.
* For the existing backend mode users who have table
visualization might see some inconsistencies on their panels.
We have updated the table column naming. This will
potentially affect field transformations and/or field
overrides. To resolve this either: update transformation or
field override.
* For the existing backend mode users who have Transformations
with the `time` field, might see their transformations are
not working. Those panels that have broken transformations
will fail to render. This is because we changed the field
key. To resolve this either: Remove the affected panel and
re-create it, Select the `Time` field again, Edit the `time`
field as `Time` for transformation in `panel.json` or
`dashboard.json`
* The following data source permission endpoints have been removed:
`GET /datasources/:datasourceId/permissions`
`POST /api/datasources/:datasourceId/permissions`
`DELETE /datasources/:datasourceId/permissions`
`POST /datasources/:datasourceId/enable-permissions`
`POST /datasources/:datasourceId/disable-permissions`
+ Please use the following endpoints instead:
`GET /api/access-control/datasources/:uid` for listing data
source permissions
`POST /api/access-control/datasources/:uid/users/:id`,
`POST /api/access-control/datasources/:uid/teams/:id` and
`POST /api/access-control/datasources/:uid/buildInRoles/:id`
for adding or removing data source permissions
* If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your
provider.
* For the existing backend mode users who have table visualization might see some inconsistencies on their panels.
We have updated the table column naming. This will potentially affect field transformations and/or field overrides.
* The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed.
Dashboard information can be retrieved from the `/dashboard/...` APIs.
* The `PUT /api/folders/:uid` endpoint ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-3128
https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp
https://grafana.com/security/security-advisories/cve-2023-3128/
Common Vulnerability Exposure (CVE) ID: CVE-2023-6152
https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
https://grafana.com/security/security-advisories/cve-2023-6152/
Common Vulnerability Exposure (CVE) ID: CVE-2024-22037
Common Vulnerability Exposure (CVE) ID: CVE-2024-45337
Common Vulnerability Exposure (CVE) ID: CVE-2024-51744
Common Vulnerability Exposure (CVE) ID: CVE-2024-6837
Common Vulnerability Exposure (CVE) ID: CVE-2024-8118

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.18.2.2025.0525.1
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2025:0525-1)
Zusammenfassung:	The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2025:0525-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'SUSE Manager Client Tools' package(s) announced via the SUSE-SU-2025:0525-1 advisory. Vulnerability Insight: + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery. * For a detailed list of changes consult the package changelog or [link moved to references] grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649): - Security issues fixed: * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto (bsc#1234554) * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301) * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024) - Potential breaking changes in version 10: * In panels using the `extract fields` transformation, where one of the extracted names collides with one of the already existing ields, the extracted field will be renamed. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. To resolve this either: update transformation or field override. * For the existing backend mode users who have Transformations with the `time` field, might see their transformations are not working. Those panels that have broken transformations will fail to render. This is because we changed the field key. To resolve this either: Remove the affected panel and re-create it, Select the `Time` field again, Edit the `time` field as `Time` for transformation in `panel.json` or `dashboard.json` * The following data source permission endpoints have been removed: `GET /datasources/:datasourceId/permissions` `POST /api/datasources/:datasourceId/permissions` `DELETE /datasources/:datasourceId/permissions` `POST /datasources/:datasourceId/enable-permissions` `POST /datasources/:datasourceId/disable-permissions` + Please use the following endpoints instead: `GET /api/access-control/datasources/:uid` for listing data source permissions `POST /api/access-control/datasources/:uid/users/:id`, `POST /api/access-control/datasources/:uid/teams/:id` and `POST /api/access-control/datasources/:uid/buildInRoles/:id` for adding or removing data source permissions * If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your provider. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. * The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed. Dashboard information can be retrieved from the `/dashboard/...` APIs. * The `PUT /api/folders/:uid` endpoint ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'SUSE Manager Client Tools' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-3128 https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp https://grafana.com/security/security-advisories/cve-2023-3128/ Common Vulnerability Exposure (CVE) ID: CVE-2023-6152 https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f https://grafana.com/security/security-advisories/cve-2023-6152/ Common Vulnerability Exposure (CVE) ID: CVE-2024-22037 Common Vulnerability Exposure (CVE) ID: CVE-2024-45337 Common Vulnerability Exposure (CVE) ID: CVE-2024-51744 Common Vulnerability Exposure (CVE) ID: CVE-2024-6837 Common Vulnerability Exposure (CVE) ID: CVE-2024-8118
Copyright	Copyright (C) 2025 Greenbone AG