grafana-10.2.6-13.el9_6
Errata ID: AXSA:2025-10490:11
Release date:
Wednesday, July 16, 2025 - 14:39
Subject:
grafana-10.2.6-13.el9_6
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins
and Open Redirect (CVE-2025-4123)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2025-4123
Solution:
Update packages.
CVEs:
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.
Additional Info:
N/A
Download:
SRPMS
- grafana-10.2.6-13.el9_6.src.rpm
MD5: b856fe3a0fb005fb68233edd7ef7e88e
SHA-256: 11f4c7654b1300be0f50ee1a45ea3dc28d1b6116f107ef8e0dda28c0da35755c
Size: 335.91 MB
Asianux Server 9 for x86_64
- grafana-10.2.6-13.el9_6.x86_64.rpm
MD5: 17348c49251c9f20942a8f663b653b5e
SHA-256: 2923181c5738226885df69b9e1de093e9d5e06d51453eec050897dd1125e5ee7
Size: 112.24 MB
- grafana-selinux-10.2.6-13.el9_6.x86_64.rpm
MD5: f4162b564e76c4d30503d0a55f90c154
SHA-256: 791b71cb7e5f8c18c0e53896350f46f26ba5616ba0ea20c38c9938e7c35744b8
Size: 25.31 kB