{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"10.4.15-1.71.1"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.4.15-1.71.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grafana fixes the following issues:\n\ngrafana was updated from version 10.4.13 to 10.4.15:\n\n- Security issues fixed:\n    * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)\n    * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)\n    * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)\n    * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)\n- Other bugs fixed and changes:\n    * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key\n    * Added provisioning directories\n    * Use /bin/bash in wrapper scripts\n","id":"SUSE-SU-2025:0622-1","modified":"2025-02-21T10:59:56Z","published":"2025-02-21T10:59:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250622-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235206"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235574"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236559"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236734"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45339"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21613"}],"related":["CVE-2024-11741","CVE-2024-28180","CVE-2024-45339","CVE-2025-21613"],"summary":"Security update for grafana","upstream":["CVE-2024-11741","CVE-2024-28180","CVE-2024-45339","CVE-2025-21613"]}