Moderate severityNVD Advisory· Published Apr 24, 2020· Updated Aug 4, 2024
CVE-2020-12245
CVE-2020-12245
Description
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/grafana/grafanaGo | < 6.7.3 | 6.7.3 |
Affected products
88- Grafana/Grafanadescription
- osv-coords87 versionspkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/chainguard/grafana-fips-12.4pkg:apk/chainguard/grafana-fips-13.0pkg:bitnami/grafanapkg:golang/github.com/grafana/grafanapkg:rpm/almalinux/grafanapkg:rpm/almalinux/grafana-azure-monitorpkg:rpm/almalinux/grafana-cloudwatchpkg:rpm/almalinux/grafana-elasticsearchpkg:rpm/almalinux/grafana-graphitepkg:rpm/almalinux/grafana-influxdbpkg:rpm/almalinux/grafana-lokipkg:rpm/almalinux/grafana-mssqlpkg:rpm/almalinux/grafana-mysqlpkg:rpm/almalinux/grafana-opentsdbpkg:rpm/almalinux/grafana-postgrespkg:rpm/almalinux/grafana-prometheuspkg:rpm/almalinux/grafana-stackdriverpkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grafana&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/grafana-piechart-panel&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grafana-status-panel&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/cobbler&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/cobbler&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/grafana&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/grafana&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/koan&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-remote-utils&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-remote-utils&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/system-user-grafana&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/system-user-grafana&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-base&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/uyuni-base&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015
< 0+ 86 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.7.3
- (no CPE)range: < 6.7.3
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 0.1.1590413773.a959db7-lp152.2.3.1
- (no CPE)range: < 7.0.3-lp152.2.3.1
- (no CPE)range: < 7.5.7-1.2
- (no CPE)range: < 1.4.0-lp152.2.3.1
- (no CPE)range: < 1.0.9-lp152.2.3.1
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 2.6.6-49.26.3
- (no CPE)range: < 0.1.1590413773.a959db7-1.12.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 0.18.1-1.6.2
- (no CPE)range: < 2.18.0-1.12.2
- (no CPE)range: < 2.18.0-3.12.2
- (no CPE)range: < 7.3.1-3.6.1
- (no CPE)range: < 7.0.3-1.9.3
- (no CPE)range: < 7.0.3-1.9.2
- (no CPE)range: < 7.1.5-bp151.2.1
- (no CPE)range: < 7.1.5-bp152.3.3.1
- (no CPE)range: < 2.9.0-4.15.2
- (no CPE)range: < 4.1.2-1.12.3
- (no CPE)range: < 4.1.2-1.12.4
- (no CPE)range: < 4.1.1-1.6.1
- (no CPE)range: < 4.1.1-1.6.2
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.2-1.15.2
- (no CPE)range: < 4.1.2-1.15.2
- (no CPE)range: < 4.1.1-1.6.3
- (no CPE)range: < 4.1.1-1.6.4
- (no CPE)range: < 4.1.1-1.14.3
- (no CPE)range: < 4.1.1-1.14.2
- (no CPE)range: < 4.1.2-21.22.2
- (no CPE)range: < 4.1.2-3.16.2
- (no CPE)range: < 4.1.4-38.61.2
- (no CPE)range: < 4.1.4-3.38.2
- (no CPE)range: < 4.1.5-52.32.2
- (no CPE)range: < 4.1.5-3.23.2
- (no CPE)range: < 4.1.1-24.12.2
- (no CPE)range: < 4.1.1-3.9.2
- (no CPE)range: < 4.1.1-19.12.1
- (no CPE)range: < 4.1.1-3.6.3
- (no CPE)range: < 4.1.1-24.15.3
- (no CPE)range: < 4.1.1-3.12.4
- (no CPE)range: < 4.1.2-6.15.1
- (no CPE)range: < 4.1.2-3.9.2
- (no CPE)range: < 4.1.2-25.9.2
- (no CPE)range: < 4.1.2-3.6.2
- (no CPE)range: < 1.0.0-3.9.1
- (no CPE)range: < 1.0.0-3.9.1
- (no CPE)range: < 4.1.1-1.3.1
- (no CPE)range: < 4.1.1-1.3.2
- (no CPE)range: < 4.1.5-1.3.2
- (no CPE)range: < 4.1.5-1.3.2
- (no CPE)range: < 1.0.7-30.21.2
- (no CPE)range: < 1.0.7-3.12.2
Patches
Vulnerability mechanics
References
12- lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-ccmg-w4xm-p28vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-12245ghsaADVISORY
- community.grafana.com/t/release-notes-v6-7-x/27119ghsax_refsource_MISCWEB
- github.com/grafana/grafana/blob/master/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88eghsaWEB
- github.com/grafana/grafana/pull/23816ghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20200511-0001ghsaWEB
- security.netapp.com/advisory/ntap-20200511-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.