{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"7.5.12-150100.3.9.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.5.12-150100.3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grafana fixes the following issues:\n\nUpdated to version 7.5.12:\n- CVE-2021-43813: Fixed markdown path traversal (bsc#1193688).\n- CVE-2021-39226: Fixed Snapshot authentication bypass (bsc#1191454).\n","id":"SUSE-SU-2022:3425-1","modified":"2022-09-27T08:42:31Z","published":"2022-09-27T08:42:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223425-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39226"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43813"}],"related":["CVE-2021-39226","CVE-2021-43813"],"summary":"Security update for grafana","upstream":["CVE-2021-39226","CVE-2021-43813"]}