Synopsis
The remote openSUSE host is missing one or more security updates.
Description
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21351-1 advisory.
Changes in grafana:
- Add UI web assets as additional source tarball
- Update to version 12.4.5 (jsc#PED-16512):
* Datasources: return 400 when payload UID does not match URL UID in PUT /api/datasources/uid/:uid
- Update to version 12.4.4:
* Security and quality updates.
* Various bug fixes and enhancements.
- Update to version 12.4.3:
* Analytics: Keep internal dashboard id.
* Go: Update to 1.25.9.
* Reporting: Correctly apply appSubURL to report settings requests.
* Alerting: Document Grafana HA Alertmanager cluster metrics prefix change.
- Update to version 12.4.2:
* Various bug fixes and performance improvements.
* Dependency updates to core plugins and UI libraries.
- Update to version 12.4.1:
* Bug fixes and minor quality-of-life enhancements.
* Updates to data source provisioning and dashboard schemas.
- Update to version 12.4.0:
* Introduced dynamic dashboards in public preview.
* Added a new side toolbar that replaces the second top toolbar to provide additional vertical space.
* Added the ability to create dashboards from templates using sample data.
* Revamped the gauge visualization with rounded bars, configurable bar thickness, and endpoint markers.
* Added support to map one variable to multiple values.
* CVE-2025-12141: Fixed information leakage in Grafana Alerting (bsc#1262187)
- Update to version 12.3.0:
* Released a completely redesigned logs visualization.
* Added the ability to export dashboards directly as PNG images.
* Introduced an interactive learning experience within the Grafana UI.
* Added a Switch template variable type to quickly toggle between values in queries.
* Added functionality to style table cells using CSS properties via the field cell option.
- Update to version 12.2.0:
* Routine feature enhancements, minor bug fixes, and security patches.
- Update to version 12.1.0:
* Added support for Entra Workload Identity to enhance authentication capabilities with federated credentials.
* Redesigned the alert rule list page.
* Renamed Mute Timings to Active Time Intervals in Grafana Alerting.
* Added support for Service Account Impersonation in the BigQuery data source.
* Introduced the Grafana Advisor in public preview.
- Update to version 12.0.0:
* BREAKING: Removed AngularJS and all deprecated UI Extensions APIs.
* BREAKING: Enforced stricter version compatibility checks in plugin CLI install commands.
* BREAKING: Enabled the failWrongDSUID feature flag by default, which rejects data sources with incorrect UIDs.
* MIGRATION: Triggered a full-table rewrite for the annotation table, which may temporarily increase disk usage.
* Introduced a new dashboard schema to replace the original single grid layout.
- CVE-2026-41607: Fix potential information disclosure in Apache Thrift (bsc#1263272)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected grafana package.
Plugin Details
File Name: openSUSE-2026-21351-1.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Vulnerability Information
CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:grafana
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/14/2026
Vulnerability Publication Date: 2/25/2026