Package details: pkg:rpm/redhat/grafana@6.7.4-3?arch=el8
purl pkg:rpm/redhat/grafana@6.7.4-3?arch=el8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-amqf-ytjf-fydp
Aliases:
CVE-2020-12459
GHSA-m25m-5778-fm22
Summary: Grafana world readable configuration files. In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files `/etc/grafana/grafana.ini` and `/etc/grafana/ldap.toml` (which contain a secret_key and a bind_password) are world readable.
Fixed by: There are no reported fixed by versions.
VCID-drfs-tub9-zqgg
Aliases:
CVE-2020-13430
GHSA-7m2x-qhrq-rp8h
Summary: Grafana XSS via the OpenTSDB datasource. Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Fixed by: There are no reported fixed by versions.
VCID-ed2w-eexq-kuam
Aliases:
CVE-2020-12052
Summary: grafana: XSS annotation popup vulnerability
Fixed by: There are no reported fixed by versions.
VCID-fph7-rrjp-uqa1
Aliases:
CVE-2020-12245
GHSA-ccmg-w4xm-p28v
Summary: Grafana XSS in header column rename. Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
Fixed by: There are no reported fixed by versions.
VCID-snvt-p8kr-2ucq
Aliases:
CVE-2020-12458
GHSA-3jq7-8ph8-63xm
Summary: Grafana information disclosure. An information-disclosure flaw was found in Grafana. The database directory `/var/lib/grafana` and database file `/var/lib/grafana/grafana.db` are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Fixed by: There are no reported fixed by versions.
VCID-txvc-2hvr-nkaj
Aliases:
CVE-2020-11110
GHSA-xr3x-62qw-vc4w
Summary: Grafana stored XSS. Grafana through 6.7.1 allows stored XSS.
Fixed by: There are no reported fixed by versions.
VCID-w8d1-se9j-e7ew
Aliases:
CVE-2019-19499
GHSA-4pwp-cx67-5cpx
Summary: Grafana Arbitrary File Read. Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Fixed by: There are no reported fixed by versions.
VCID-y46u-m8e4-9qcn
Aliases:
CVE-2018-18624
GHSA-9hv8-4frf-cprf
Summary: Grafana XSS via a column style. Grafana has an XSS vulnerability via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T14:09:27.674818+00:00 | RedHat Importer | Affected by | VCID-txvc-2hvr-nkaj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11110.json | 38.0.0 |
| 2026-04-01T14:08:46.378010+00:00 | RedHat Importer | Affected by | VCID-fph7-rrjp-uqa1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json | 38.0.0 |
| 2026-04-01T14:08:39.660451+00:00 | RedHat Importer | Affected by | VCID-amqf-ytjf-fydp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json | 38.0.0 |
| 2026-04-01T14:08:39.615522+00:00 | RedHat Importer | Affected by | VCID-snvt-p8kr-2ucq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12458.json | 38.0.0 |
| 2026-04-01T14:08:38.599268+00:00 | RedHat Importer | Affected by | VCID-ed2w-eexq-kuam | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json | 38.0.0 |
| 2026-04-01T14:06:43.867829+00:00 | RedHat Importer | Affected by | VCID-drfs-tub9-zqgg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json | 38.0.0 |
| 2026-04-01T14:06:42.041653+00:00 | RedHat Importer | Affected by | VCID-y46u-m8e4-9qcn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18624.json | 38.0.0 |
| 2026-04-01T14:04:55.152636+00:00 | RedHat Importer | Affected by | VCID-w8d1-se9j-e7ew | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19499.json | 38.0.0 |