Context Propagation with Project Reactor 2 - The bumpy road of Spring Cloud Sleuth

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Cloud Sleuth recently became Micrometer Tracing, part of the Micrometer project. Most of the tracing instrumentation is centered within Micrometer und...

Context Propagation with Project Reactor 2 - The bumpy road of Spring Cloud Sleuth

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Cloud Sleuth recently became Micrometer Tracing, part of the Micrometer project. Most of the tracing instrumentation is centered within Micrometer und...

About the security content of macOS Ventura 13.3

About the security content of macOS Ventura 13.3 This document describes the security content of macOS Ventura 13.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

About the security content of watchOS 9.4

About the security content of watchOS 9.4 This document describes the security content of watchOS 9.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Context Propagation with Project Reactor 1 - The Basics

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Boot 3 and Spring Framework 6 brought us a unified and consistent way to enable Observability in applications that use Micrometer. The evolution from...

CVE-2023-1410

Grafana (open-source platform) contains a stored XSS in the Graphite FunctionDescription tooltip due to insufficient sanitization. Exploitation requires attacker control of the Graphite data source and an admin to configure it, followed by a user hovering over a tampered function description. Aff...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0812-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0812-1 advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1...

CVE-2023-27595

CVE-2023-27595 affects Cilium 1.13.0 where, on startup, a brief window occurs during which Cilium eBPF programs are not attached to the host, leaving the host without Cilium features. This can disrupt newly established connections due to lack of Load Balancing and may permit Network Policy bypass...

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

IBM Observability with Instana Access Control Error Vulnerability

IBM Observability with Instana is a powerful application performance monitoring solution from International Business Machines IBM that enables faster performance tracking and incident resolution.IBM Observability with Instana suffers from an access control error vulnerability that stems from the...

CVE-2023-22462

Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be...

CVE-2023-22462

Grafana CVE-2023-22462 describes a stored XSS in the core Text panel/plugin. The vulnerability requires two users with Editor-like access: one to inject JavaScript into the Text panel, and another to toggle to Markdown/HTML so the code executes, enabling vertical privilege escalation (Admin passw...

Grafana vulnerable to Cross-site Scripting

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...

GHSA-HJV9-HM2F-RPCJ Grafana vulnerable to Cross-site Scripting

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript...

CVE-2023-0594

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...

CVE-2023-0507

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript...

CVE-2023-0594

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this...

CVE-2023-0813

A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without...

Important: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugi...