grafana-11.6.3+security01-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15372-1 Final 1 1 2025-07-23T00:00:00Z current 2025-07-23T00:00:00Z 2025-07-23T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z grafana-11.6.3+security01-1.1 on GA media These are all security issues fixed in the grafana-11.6.3+security01-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15372 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-6023/ SUSE CVE CVE-2025-6023 page https://www.suse.com/security/cve/CVE-2025-6197/ SUSE CVE CVE-2025-6197 page openSUSE Tumbleweed grafana-11.6.3+security01-1.1 grafana-11.6.3+security01-1.1 as a component of openSUSE Tumbleweed An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01 CVE-2025-6023 openSUSE Tumbleweed:grafana-11.6.3+security01-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6023.html CVE-2025-6023 https://bugzilla.suse.com/1246735 SUSE Bug 1246735 An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL CVE-2025-6197 openSUSE Tumbleweed:grafana-11.6.3+security01-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-6197.html CVE-2025-6197 https://bugzilla.suse.com/1246736 SUSE Bug 1246736