SUSE-SU-2025:01991-1
Vulnerability Summary
Description
Security update for grafana

This update for grafana fixes the following issues:

grafana was updated from version 10.4.15 to 11.5.5 (jsc#PED-12918):

- Security issues fixed:
  * CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714).
  * CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809)
  * CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672).
  * CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3.
  * CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683).
  * CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687).
  * CVE-2025-22870: Bump golang.org/x/net (bsc#1238703).
  * CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343)
  * CVE-2024-9264: SQL Expressions (bsc#1231844)
  * CVE-2023-45288: Bump golang.org/x/net (bsc#1236510)
  * CVE-2025-22870: Bump golang.org/x/net to version 0.37.0 (bsc#1238686)
- Potential breaking changes in version 11.5.0:
  * Loki: Default to /labels API with query param instead of /series API.
- Potential breaking changes in version 11.0.1:
  * If you had selected your language as 'Português Brasileiro' previously, this will be reset. You have to select it again in your Preferences for the fix to be applied and the translations will then be shown.
- Potential breaking changes in version 11.0.0:
  * AngularJS support is turned off by default.
  * Legacy alerting is entirely removed.
  * Subfolders cause very rare issues with folders which have slashes in their names.
  * The input data source is removed.
  * Data sources: Responses which are associated with hidden queries will be removed (filtered) by Grafana.
  * The URL which is generated when viewing an individual repeated panel has changed.
  * React Router is deprecated.
  * The grafana/e2e testing tool is deprecated.
- This update brings many new features, enhancements and fixes highlighted at:
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-5/
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-4/
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-3/
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-2/
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-1/
  * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-0/
Affected Systems
- opensuse•grafana&distro=openSUSE Leap 15.6: < 11.5.5-150200.3.72.2
- suse•grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP6: < 11.5.5-150200.3.72.2
- suse•grafana&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7: < 11.5.5-150200.3.72.2
References (20)
- https://www.suse.com/support/update/announcement/2025/suse-su-202501991-1/
- https://bugzilla.suse.com/1231844
- https://bugzilla.suse.com/1233343
- https://bugzilla.suse.com/1236510
- https://bugzilla.suse.com/1236516
- https://bugzilla.suse.com/1238686
- https://bugzilla.suse.com/1238703
- https://bugzilla.suse.com/1241683
- https://bugzilla.suse.com/1241687
- https://bugzilla.suse.com/1241809
- https://bugzilla.suse.com/1243672
- https://bugzilla.suse.com/1243714
- https://www.suse.com/security/cve/CVE-2023-45288
- https://www.suse.com/security/cve/CVE-2024-9264
- https://www.suse.com/security/cve/CVE-2024-9476
- https://www.suse.com/security/cve/CVE-2025-22870
- https://www.suse.com/security/cve/CVE-2025-22872
- https://www.suse.com/security/cve/CVE-2025-2703
- https://www.suse.com/security/cve/CVE-2025-29923
- https://www.suse.com/security/cve/CVE-2025-3454