Security update for grafana-piechart-panel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3175-1 Final 1 1 2021-09-21T14:27:58Z current 2021-09-21T14:27:58Z 2021-09-21T14:27:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for grafana-piechart-panel This update for grafana-piechart-panel fixes the following issues: - CVE-2020-13429: Fixed XSS via the Values Header option in the piechart-panel (bsc#1172125). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3175 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JN7UM2F5HQYAKPOO75CIJNTXDGDU6ZTJ/ E-Mail link for openSUSE-SU-2021:3175-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172125 SUSE Bug 1172125 https://www.suse.com/security/cve/CVE-2020-13429/ SUSE CVE CVE-2020-13429 page openSUSE Leap 15.3 grafana-piechart-panel-1.6.1-3.6.1 grafana-piechart-panel-1.6.1-3.6.1 as a component of openSUSE Leap 15.3 legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. CVE-2020-13429 openSUSE Leap 15.3:grafana-piechart-panel-1.6.1-3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JN7UM2F5HQYAKPOO75CIJNTXDGDU6ZTJ/ https://www.suse.com/security/cve/CVE-2020-13429.html CVE-2020-13429 https://bugzilla.suse.com/1172125 SUSE Bug 1172125