{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"11.5.10-150200.3.80.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.5.10-150200.3.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grafana":"11.5.10-150200.3.80.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.5.10-150200.3.80.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grafana":"11.5.10-150200.3.80.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"grafana","purl":"pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.5.10-150200.3.80.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grafana fixes the following issues:\n\ngrafana was updated from version 11.5.5 to 11.5.10:\n\n- Security issues fixed:\n\n  * CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client (version 11.5.10)\n    (bsc#1254113)\n  * CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454)\n  * CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657)\n  * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)\n  * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)\n  * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)\n  * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6)\n                   (bsc#1245302)\n\n- Other changes, new features and bugs fixed:\n\n  * Version 11.5.10:\n    + Use forked wire from Grafana repository instead of external package (jsc#PED-14178)\n    + Auth: Fix render user OAuth passthrough.\n    + LDAP Authentication: Fix URL to propagate username context as parameter.\n    + Plugins: Dependencies do not inherit parent URL for preinstall.\n\n  * Version 11.5.9:\n    + Auditing: Document new options for recording datasource query request/response body.\n    + Login: Fixed redirection after login when Grafana is served from subpath.\n\n  * Version 11.5.7:\n    + Azure: Fixed legend formatting and resource name determination in template variable queries.\n\n","id":"SUSE-SU-2025:4482-1","modified":"2025-12-18T12:22:20Z","published":"2025-12-18T12:22:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254482-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245302"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246736"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250616"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251657"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254113"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11065"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3415"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58190"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-6023"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-6197"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-64751"}],"related":["CVE-2025-11065","CVE-2025-3415","CVE-2025-47911","CVE-2025-58190","CVE-2025-6023","CVE-2025-6197","CVE-2025-64751"],"summary":"Security update for grafana","upstream":["CVE-2025-11065","CVE-2025-3415","CVE-2025-47911","CVE-2025-58190","CVE-2025-6023","CVE-2025-6197","CVE-2025-64751"]}