Bugzilla – Bug 1172128
VUL-0: CVE-2020-13430: grafana: XSS via the OpenTSDB datasource.
Last modified: 2020-08-04 07:29:03 UTC
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
All our codestreams seem affected. Specifically:
Is this still relevant for SES when we do not need, provide nor support TSDB as data source?
(In reply to Patrick Seidensal from comment #2)
> Is this still relevant for SES when we do not need, provide nor support TSDB
> as data source?
If we do not provide it then no. I will adjust the tracking.
(In reply to Alexandros Toptsoglou from comment #1)
> All our codestreams seem affected. Specifically:
> Cloud 7,8,9
> SES 5,6
Cloud also does not need, provide nor support OpenTSDB as data source.
Assigning it back to the security team.
SLE12 and SLE15 are in 7.0.3 version, which is an already fixed version. Storage and cloud products do not need, provide nor support OpenTSDB as data source. Closing.