VulnerableCode Package Details - pkg:rpm/redhat/grafana@6.3.6-2?arch=el8_2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/grafana@6.3.6-2?arch=el8_2

Essentials
History (1)

purl	pkg:rpm/redhat/grafana@6.3.6-2?arch=el8_2

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-j6nn-jkc5-k3f6 Aliases: CVE-2020-13379 GHSA-wc9w-wvq2-ffm9	Server Side Request Forgery in Grafana The avatar feature in Grafana (github.com/grafana/grafana/pkg/api/avatar) 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:06:27.158395+00:00	RedHat Importer	Affected by	VCID-j6nn-jkc5-k3f6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json	38.0.0