rpm package
suse/grafana&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12052 | Med | 6.1 | < 7.3.1-3.6.1 | 7.3.1-3.6.1 | Apr 27, 2020 | Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | |
| CVE-2020-12245 | Med | 6.1 | < 7.3.1-3.6.1 | 7.3.1-3.6.1 | Apr 24, 2020 | Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | |
| CVE-2019-15043 | Hig | 7.5 | < 7.3.1-3.6.1 | 7.3.1-3.6.1 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. |
- affected < 7.3.1-3.6.1fixed 7.3.1-3.6.1
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
- affected < 7.3.1-3.6.1fixed 7.3.1-3.6.1
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
- affected < 7.3.1-3.6.1fixed 7.3.1-3.6.1
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
Page 2 of 2