NetEye Product Security has rated this update as having a high security impact.
Topic
An update for the grafana packages is now available for NetEye 4.
Security Fix for NetEye 4.48
grafana-12.4.3_neteye3.31.1-1
Summary
A Grafana Editor can overwrite a dashboard not owned by them to acquire admin permission on that specific dashboard. The user must have write access to the dashboard to escalate privilege.
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.
Fix: monitoring links from the Event Overview When opening a link from the Event Overview page, the monitoring URL was supposed to be translated into the corresponding IcingaDB link. The translation was only handled on a simple click, though, so Read More
Improve visibility of Feature command state icons Feature command state icons and captions were difficult to see against the white background in the UI. To improve readability and accessibility, we updated the icon and caption colors to provide stronger contrast Read More
Rarely has a title been more fitting: Transform metrics into alerts. It's not just a description of what the system does – it's also the exact name of the Elastic tool that makes it possible. Transforms, in their technical meaning, Read More
Important: Keycloak security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the keycloak packages is now available for NetEye 4. Security Fix for NetEye 4.48 26.6.2_neteye1.40.0-1 Summary This vulnerability allows an attacker Read More
Fix HEAD HTTP method not supported We resolved a compatibility issue affecting HEAD requests to NetEye endpoints. These requests could previously time out because the method was not fully supported by the underlying architecture. As a result, some procedures could Read More
