SUSE-SU-2025:4482-1
Vulnerability Summary
Description
Security update for grafana

This update for grafana fixes the following issues:

grafana was updated from version 11.5.5 to 11.5.10:

- Security issues fixed:
  * CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client (version 11.5.10) (bsc#1254113)
  * CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454)
  * CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657)
  * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
  * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)
  * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)
  * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302)
- Other changes, new features and bugs fixed:
  * Version 11.5.10:
    + Use forked wire from Grafana repository instead of external package (jsc#PED-14178)
    + Auth: Fix render user OAuth passthrough.
    + LDAP Authentication: Fix URL to propagate username context as parameter.
    + Plugins: Dependencies do not inherit parent URL for preinstall.
  * Version 11.5.9:
    + Auditing: Document new options for recording datasource query request/response body.
    + Login: Fixed redirection after login when Grafana is served from subpath.
  * Version 11.5.7:
    + Azure: Fixed legend formatting and resource name determination in template variable queries.
Affected Systems
- opensuse grafana on openSUSE Leap 15.6: versions < 11.5.10-150200.3.80.1
- suse grafana on SUSE Linux Enterprise Module for Package Hub 15 SP6: versions < 11.5.10-150200.3.80.1
- suse grafana on SUSE Linux Enterprise Module for Package Hub 15 SP7: versions < 11.5.10-150200.3.80.1
References (15)
- https://www.suse.com/support/update/announcement/2025/suse-su-20254482-1/
- https://bugzilla.suse.com/1245302
- https://bugzilla.suse.com/1246735
- https://bugzilla.suse.com/1246736
- https://bugzilla.suse.com/1250616
- https://bugzilla.suse.com/1251454
- https://bugzilla.suse.com/1251657
- https://bugzilla.suse.com/1254113
- https://www.suse.com/security/cve/CVE-2025-11065
- https://www.suse.com/security/cve/CVE-2025-3415
- https://www.suse.com/security/cve/CVE-2025-47911
- https://www.suse.com/security/cve/CVE-2025-58190
- https://www.suse.com/security/cve/CVE-2025-6023
- https://www.suse.com/security/cve/CVE-2025-6197
- https://www.suse.com/security/cve/CVE-2025-64751