Moderate severityNVD Advisory· Published Jul 27, 2020· Updated Aug 4, 2024
CVE-2020-11110
CVE-2020-11110
Description
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Grafana ≤6.7.1 stored XSS via unsanitized originalUrl field in dashboard snapshots, enabling arbitrary JavaScript execution.
Vulnerability
CVE-2020-11110 is a stored cross-site scripting (XSS) vulnerability in Grafana versions up to and including 6.7.1. The root cause is insufficient input sanitization of the originalUrl field when creating dashboard snapshots. An attacker can inject arbitrary JavaScript into this field, which is later rendered without proper encoding [1].
Exploitation
To exploit the vulnerability, an attacker must have access to create a dashboard snapshot (a standard feature in Grafana). The malicious payload is placed in the originalUrl parameter. When a victim views the snapshot and clicks the "Open Original Dashboard" link, the injected JavaScript executes in the context of the victim's browser session [1][2]. No additional authentication is required beyond the ability to create snapshots.
Impact
Successful exploitation allows the attacker to perform actions on behalf of the victim, such as stealing session cookies, modifying dashboards, or exfiltrating sensitive data displayed in Grafana. Because the XSS is stored, the payload persists until the snapshot is deleted or the fix is applied.
Mitigation
The vulnerability was fixed in Grafana version 6.7.2, released on April 1, 2020. The fix, implemented in pull request #23254, adds proper sanitization of the originalUrl field [2][4]. Users are strongly advised to upgrade to Grafana 6.7.2 or later. No workaround is available for unpatched versions.
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/grafana/grafanaGo | < 6.7.2 | 6.7.2 |
Affected products
254- Grafana/Grafanadescription
- osv-coords253 versionspkg:bitnami/grafanapkg:golang/github.com/grafana/grafanapkg:rpm/almalinux/grafanapkg:rpm/almalinux/grafana-azure-monitorpkg:rpm/almalinux/grafana-cloudwatchpkg:rpm/almalinux/grafana-elasticsearchpkg:rpm/almalinux/grafana-graphitepkg:rpm/almalinux/grafana-influxdbpkg:rpm/almalinux/grafana-lokipkg:rpm/almalinux/grafana-mssqlpkg:rpm/almalinux/grafana-mysqlpkg:rpm/almalinux/grafana-opentsdbpkg:rpm/almalinux/grafana-postgrespkg:rpm/almalinux/grafana-prometheuspkg:rpm/almalinux/grafana-stackdriverpkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-installer-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-opsconsole-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-osconfig&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana-natel-discrete-panel&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-gnocchi&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-magnum-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-murano&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-murano-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-sahara&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-sahara-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-ardana-packager&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-ardana-packager&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Flask-Cors&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Flask-Cors&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Flask-Cors&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-keystoneclient&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-keystoneclient&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-keystoneclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-keystonemiddleware&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-keystonemiddleware&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-keystonemiddleware&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-kombu&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-kombu&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-kombu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Pillow&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-straight-plugin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-straight-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-urllib3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-hpe-helion-openstack&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-activerecord-session_store&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/storm&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 6.7.2+ 252 more
- (no CPE)range: < 6.7.2
- (no CPE)range: < 6.7.2
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 2.2.3.0-17.2
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 8.0+git.1596735237.54109b1-3.77.1
- (no CPE)range: < 8.0+git.1596735237.54109b1-3.77.1
- (no CPE)range: < 9.0+git.1596813072.110811d-3.25.2
- (no CPE)range: < 8.0+git.1596129856.263f430-3.43.1
- (no CPE)range: < 8.0+git.1596129856.263f430-3.43.1
- (no CPE)range: < 9.0+git.1596129576.0b3d3ce-3.13.2
- (no CPE)range: < 9.0+git.1588258487.3acf8ad-3.16.2
- (no CPE)range: < 8.0+git.1593631779.76fa9b7-3.24.1
- (no CPE)range: < 8.0+git.1593631779.76fa9b7-3.24.1
- (no CPE)range: < 9.0+git.1569535129.ca87ef0-3.13.2
- (no CPE)range: < 8.0+git.1593618123.678c32b-3.26.1
- (no CPE)range: < 8.0+git.1593618123.678c32b-3.26.1
- (no CPE)range: < 9.0+git.1615223676.777f0b3-3.25.2
- (no CPE)range: < 8.0+git.1601298847.dd01585-3.42.1
- (no CPE)range: < 8.0+git.1601298847.dd01585-3.42.1
- (no CPE)range: < 9.0+git.1566593422.813e56c-4.13.2
- (no CPE)range: < 8.0+git.1595885113.93abcbc-3.49.1
- (no CPE)range: < 8.0+git.1595885113.93abcbc-3.49.1
- (no CPE)range: < 9.0+git.1597427032.a062830-3.19.2
- (no CPE)range: < 9.0+git.1618235096.90974ed-3.10.2
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 4.0+git.1600767499.0615a418f-9.69.3
- (no CPE)range: < 5.0+git.1600432272.b3ad722f0-3.44.1
- (no CPE)range: < 6.0+git.1598519900.770074aa7-3.28.4
- (no CPE)range: < 4.0+git.1599037255.25b759234-9.74.4
- (no CPE)range: < 5.0+git.1599037158.5c4d07480-4.43.1
- (no CPE)range: < 6.0+git.1616146717.a89ae0f4e-3.34.4
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 4.6.5-3.13.1
- (no CPE)range: < 6.7.4-1.17.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 6.7.4-3.17.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 6.7.4-3.17.1
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-1.6.5
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-4.3.3
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-4.3.3
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 3.0.5~dev2-2.11.2
- (no CPE)range: < 3.0.5~dev2-2.11.1
- (no CPE)range: < 3.0.1~dev9-2.12.4
- (no CPE)range: < 3.0.1~dev9-2.12.2
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 9.1.5~dev6-4.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 13.0.10~dev16-3.25.3
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 13.0.10~dev16-3.25.3
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 9.1.5~dev6-4.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 14.1.1~dev7-3.18.3
- (no CPE)range: < 14.1.1~dev7-3.18.3
- (no CPE)range: < 3.0.7~dev1-2.8.2
- (no CPE)range: < 7.0.7~dev10-5.17.3
- (no CPE)range: < 7.0.7~dev10-5.17.2
- (no CPE)range: < 6.2.5~dev3-2.8.2
- (no CPE)range: < 11.1.5~dev16-3.22.3
- (no CPE)range: < 11.1.5~dev16-3.22.3
- (no CPE)range: < 6.2.5~dev3-2.8.2
- (no CPE)range: < 3.3.4~dev5-3.16.2
- (no CPE)range: < 3.3.4~dev5-3.16.2
- (no CPE)range: < 3.3.2~dev7-14.14.4
- (no CPE)range: < 3.3.2~dev7-14.14.2
- (no CPE)range: < 3.0.1~dev30-4.17.2
- (no CPE)range: < 7.4.2~dev54-4.27.3
- (no CPE)range: < 7.4.2~dev54-4.27.3
- (no CPE)range: < 3.0.1~dev30-4.17.1
- (no CPE)range: < 1.10.1~dev4-13.3
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 3.0.1~dev21-7.5.3
- (no CPE)range: < 3.0.1~dev21-7.5.1
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 9.4.2~dev21-7.43.2
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 13.0.8~dev95-3.28.3
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 13.0.8~dev95-3.28.3
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 9.4.2~dev21-7.43.1
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 9.0.1~dev8-5.8.2
- (no CPE)range: < 9.0.1~dev8-5.8.2
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 14.0.11~dev13-4.45.3
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 18.3.1~dev54-3.28.3
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 18.3.1~dev54-3.28.3
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 14.0.11~dev13-4.45.2
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 5.0.2~dev3-14.3
- (no CPE)range: < 5.0.2~dev3-14.1
- (no CPE)range: < 0.0.3-7.7.2
- (no CPE)range: < 0.0.3-7.7.2
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 3.0.3-3.3.1
- (no CPE)range: < 3.0.3-3.3.1
- (no CPE)range: < 3.0.3-4.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 2.8.1-4.17.2
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 1.5.0-1.3.1
- (no CPE)range: < 1.5.0-1.3.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 0.1.2-4.3.2
- (no CPE)range: < 3.9.3-7.23.1
- (no CPE)range: < 3.9.3-1.1
- (no CPE)range: < 3.9.3-3.9.1
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.3.4
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.3.4
- (no CPE)range: < 5.1.1~dev7-12.28.1
- (no CPE)range: < 5.1.1~dev7-12.28.1
- (no CPE)range: < 5.0.2~dev3-12.29.1
- (no CPE)range: < 5.0.2~dev3-12.29.1
- (no CPE)range: < 7.0.1~dev24-3.23.1
- (no CPE)range: < 9.0.8~dev7-12.26.1
- (no CPE)range: < 9.0.8~dev7-12.26.1
- (no CPE)range: < 11.2.3~dev29-14.30.1
- (no CPE)range: < 11.2.3~dev29-14.30.1
- (no CPE)range: < 13.0.10~dev16-3.22.3
- (no CPE)range: < 5.0.3~dev7-12.27.1
- (no CPE)range: < 5.0.3~dev7-12.27.1
- (no CPE)range: < 7.0.2~dev2-3.23.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.24.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.24.1
- (no CPE)range: < 15.0.3~dev3-12.27.1
- (no CPE)range: < 15.0.3~dev3-12.27.1
- (no CPE)range: < 17.0.1~dev30-3.21.1
- (no CPE)range: < 9.0.8~dev22-12.29.1
- (no CPE)range: < 9.0.8~dev22-12.29.1
- (no CPE)range: < 11.0.4~dev4-3.23.1
- (no CPE)range: < 12.0.5~dev3-14.32.1
- (no CPE)range: < 14.1.1~dev7-4.21.3
- (no CPE)range: < 12.0.5~dev3-14.32.1
- (no CPE)range: < 9.1.8~dev8-12.29.1
- (no CPE)range: < 9.1.8~dev8-12.29.1
- (no CPE)range: < 11.1.5~dev16-4.17.2
- (no CPE)range: < 12.0.4~dev11-11.30.1
- (no CPE)range: < 12.0.4~dev11-11.30.1
- (no CPE)range: < 14.2.1~dev4-3.24.3
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.28.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.28.1
- (no CPE)range: < 7.2.1~dev1-4.23.1
- (no CPE)range: < 5.1.1~dev5-12.33.1
- (no CPE)range: < 5.1.1~dev5-12.33.1
- (no CPE)range: < 7.4.2~dev54-3.23.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.24.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.24.1
- (no CPE)range: < 1.8.2~dev3-3.23.2
- (no CPE)range: < 2.2.2~dev1-11.24.1
- (no CPE)range: < 2.2.2~dev1-11.24.1
- (no CPE)range: < 2.7.1~dev10-3.21.1
- (no CPE)range: < 4.0.2~dev2-12.24.1
- (no CPE)range: < 4.0.2~dev2-12.24.1
- (no CPE)range: < 11.0.9~dev69-13.32.1
- (no CPE)range: < 11.0.9~dev69-13.32.1
- (no CPE)range: < 13.0.8~dev95-6.21.3
- (no CPE)range: < 16.1.9~dev76-11.30.1
- (no CPE)range: < 16.1.9~dev76-11.30.1
- (no CPE)range: < 18.3.1~dev54-3.21.2
- (no CPE)range: < 1.0.6~dev3-12.29.1
- (no CPE)range: < 1.0.6~dev3-12.29.1
- (no CPE)range: < 3.2.3~dev7-4.23.1
- (no CPE)range: < 7.0.5~dev4-11.28.1
- (no CPE)range: < 7.0.5~dev4-11.28.1
- (no CPE)range: < 9.0.2~dev15-3.23.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.21.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.21.1
- (no CPE)range: < 2.19.2~dev48-2.18.1
- (no CPE)range: < 8.0.2~dev2-11.28.1
- (no CPE)range: < 8.0.2~dev2-11.28.1
Patches
1fb114a75241aSnapshots: Sanitize orignal url (#23254)
1 file changed · +3 −1
public/app/features/dashboard/components/DashNav/DashNav.tsx+3 −1 modified@@ -17,6 +17,7 @@ import { DashboardModel } from '../../state'; import { CoreEvents, StoreState } from 'app/types'; import { ShareModal } from 'app/features/dashboard/components/ShareModal'; import { SaveDashboardModalProxy } from 'app/features/dashboard/components/SaveDashboard/SaveDashboardModalProxy'; +import { sanitizeUrl } from 'app/core/utils/text'; export interface OwnProps { dashboard: DashboardModel; @@ -134,6 +135,7 @@ export class DashNav extends PureComponent<Props> { const { canStar, canSave, canShare, showSettings, isStarred } = dashboard.meta; const { snapshot } = dashboard; const snapshotUrl = snapshot && snapshot.originalUrl; + return ( <div className="navbar"> {isFullscreen && this.renderBackButton()} @@ -222,7 +224,7 @@ export class DashNav extends PureComponent<Props> { tooltip="Open original dashboard" classSuffix="snapshot-origin" icon="gicon gicon-link" - href={snapshotUrl} + href={sanitizeUrl(snapshotUrl)} /> )}
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-xr3x-62qw-vc4wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11110ghsaADVISORY
- github.com/grafana/grafana/blob/master/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/grafana/grafana/commit/fb114a75241aaef4c08581b42509c750738b768aghsaWEB
- github.com/grafana/grafana/pull/23254ghsaWEB
- security.netapp.com/advisory/ntap-20200810-0002ghsaWEB
- security.netapp.com/advisory/ntap-20200810-0002/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.