607 matches found

Tenable Nessus
added 2023/02/14 12:0 a.m. | 37 views

openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0353-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0353-1 advisory. - Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugi...

8.1 CVSS | 7.1 AI score | 0.01228 EPSS
Exploits: 0 | References: 25

Prion
added 2023/02/03 10:15 p.m. | 24 views

Session fixation

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...

6.5 CVSS | 8.6 AI score | 0.01132 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2023/01/27 11:15 p.m. | 38 views

Open redirect

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

3.5 CVSS | 5.9 AI score | 0.00828 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2023/01/27 10:59 p.m. | 23 views

CVE-2022-23552 Grafana stored XSS in FileUploader component

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly...

7.3 CVSS | 7.3 AI score | 0.00779 EPSS
Exploits: 0 | References: 8

Spring Engineering
added 2023/01/25 9:8 p.m. | 14 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I'd like to share with a project I'm working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0

Spring Engineering
added 2023/01/25 12:0 a.m. | 19 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0

Spring Engineering
added 2023/01/25 12:0 a.m. | 8 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2023/01/20 12:0 a.m. | 43 views

openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:4437-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4437-1 advisory. - ecverify in kdc/kdcpreauthec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote...

9.8 CVSS | 7.9 AI score | 0.88849 EPSS
Exploits: 45 | References: 39

Spring Engineering
added 2023/01/17 8:0 a.m. | 17 views

This Week in Spring - January 17th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week I'm in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, I'll be in New York to join a viewing party for the airing of SpringOne...

7.1 AI score
Exploits: 0

Spring Engineering
added 2023/01/17 12:0 a.m. | 17 views

This Week in Spring - January 17th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week I'm in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, I'll be in New York to join a viewing party for the airing of SpringOne...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2022/12/23 12:0 a.m. | 23 views

SolarWinds Platform 2022.4.1

The version of SolarWinds Platform installed on the remote host is prior to 2022.4.1. It is, therefore, affected by a vulnerability as referenced in the hybridcloudobservabilitysolarwindsplatform202241 advisory. - Sensitive information was stored in plain text in a file that is accessible by a us...

5.5 CVSS | 5.8 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2022/12/21 1:21 a.m. | 6 views

CVE-2022-47512 Sensitive Data Disclosure Vulnerability

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO) / SolarWinds Platform 2022.4. No other versions are affected...

5.5 CVSS | 6.2 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

CVE
added 2022/12/21 1:21 a.m. | 56 views

CVE-2022-47512

CVE-2022-47512 affects SolarWinds Hybrid Cloud Observability / SolarWinds Platform 2022.4 (prior to 2022.4.1). The issue is that sensitive information was stored in plain text in a file accessible to a local-account user, leading to potential confidentiality impact (CVE-2022-47512). The CVSS cont...

5.5 CVSS | 5.2 AI score | 0.00242 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/12/21 1:21 a.m. | 15 views

CVE-2022-47512 Sensitive Data Disclosure Vulnerability

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO) / SolarWinds Platform 2022.4. No other versions are affected...

5.5 CVSS | 5.5 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

OSV
added 2022/12/19 4:15 p.m. | 2 views

CVE-2022-47512

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO) / SolarWinds Platform 2022.4. No other versions are affected...

5.5 CVSS | 5.8 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

NVD
added 2022/12/19 4:15 p.m. | 12 views

CVE-2022-47512

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO) / SolarWinds Platform 2022.4. No other versions are affected...

5.5 CVSS | 0.00242 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2022/12/19 12:0 a.m. | 2 views

PT-2022-28066 · Solarwinds · Hybrid Cloud Observability +1

Name of the Vulnerable Software and Affected Versions: Hybrid Cloud Observability (HCO) / SolarWinds Platform version 2022.4. Description: Sensitive information was stored in plain text in a file that is accessible by a user with a local account. Recommendations: For Hybrid Cloud Observability HCO/...

5.5 CVSS | 6.4 AI score | 0.00242 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2022/11/19 12:0 a.m. | 47 views

AlmaLinux 9 : grafana (ALSA-2022:8057)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8057 advisory. - The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function...

8.8 CVSS | 7.2 AI score | 0.05994 EPSS
Exploits: 5 | References: 16

Tenable Nessus
added 2022/11/13 12:0 a.m. | 33 views

FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions of Grafana for...

7.5 CVSS | 7.9 AI score | 0.00964 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2022/11/12 12:0 a.m. | 51 views

AlmaLinux 8 : grafana (ALSA-2022:7519)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7519 advisory. - The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function...

8.8 CVSS | 7.2 AI score | 0.05994 EPSS
Exploits: 5 | References: 16