{"url":"http://public2.vulnerablecode.io/api/packages/102415?format=json","purl":"pkg:rpm/redhat/grafana@6.7.4-3?arch=el8","type":"rpm","namespace":"redhat","name":"grafana","version":"6.7.4-3","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55467?format=json","vulnerability_id":"VCID-amqf-ytjf-fydp","summary":"Grafana world readable configuration files\nIn certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files `/etc/grafana/grafana.ini` and `/etc/grafana/ldap.toml` (which contain a secret_key and a bind_password) are world readable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12459.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-12459"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24967","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24907","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24836","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24958","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25003","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24992","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24914","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24892","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25103","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25184","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25257","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25074","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25104","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25113","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829724","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829724"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00"},{"reference_url":"https://github.com/grafana/grafana/issues/8283","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/issues/8283"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12459","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12459"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200518-0004","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200518-0004"},{"reference_url":"https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2362","reference_id":"RHSA-2020:2362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-12459","GHSA-m25m-5778-fm22"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amqf-ytjf-fydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57677?format=json","vulnerability_id":"VCID-drfs-tub9-zqgg","summary":"Grafana XSS via the OpenTSDB datasource\nGrafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13430","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60975","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60729","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60802","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60795","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60868","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60892","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6088","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60869","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60824","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60873","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60931","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60918","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13430"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7m2x-qhrq-rp8h","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m2x-qhrq-rp8h"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/pull/24539","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/24539"},{"reference_url":"https://github.com/grafana/grafana/releases/tag/v7.0.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/releases/tag/v7.0.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13430","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13430"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200528-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200528-0003"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848108","reference_id":"1848108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2796","reference_id":"RHSA-2020:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2861","reference_id":"RHSA-2020:2861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-13430","GHSA-7m2x-qhrq-rp8h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drfs-tub9-zqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81388?format=json","vulnerability_id":"VCID-ed2w-eexq-kuam","summary":"grafana: XSS annotation popup vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12052","reference_id":"","reference_type":"","scores":[{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.7233","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.7237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72406","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.7239","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72377","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72419","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72416","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72463","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72455","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72485","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.7251","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72472","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72499","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72555","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12052"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848089","reference_id":"1848089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2796","reference_id":"RHSA-2020:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2861","reference_id":"RHSA-2020:2861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-12052"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2w-eexq-kuam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58078?format=json","vulnerability_id":"VCID-fph7-rrjp-uqa1","summary":"Grafana XSS in header column rename\nGrafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12245","reference_id":"","reference_type":"","scores":[{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.8698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86991","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.8697","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87118","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87086","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87071","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87076","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87059","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87043","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87022","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.87015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86997","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86999","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86995","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86928","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.8695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03189","scoring_system":"epss","scoring_elements":"0.86957","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12245"},{"reference_url":"https://community.grafana.com/t/release-notes-v6-7-x/27119","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.grafana.com/t/release-notes-v6-7-x/27119"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23"},{"reference_url":"https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e"},{"reference_url":"https://github.com/grafana/grafana/pull/23816","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/23816"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12245","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12245"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200511-0001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200511-0001"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848643","reference_id":"1848643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2796","reference_id":"RHSA-2020:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2861","reference_id":"RHSA-2020:2861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-12245","GHSA-ccmg-w4xm-p28v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fph7-rrjp-uqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59995?format=json","vulnerability_id":"VCID-snvt-p8kr-2ucq","summary":"Grafana information disclosure\nAn information-disclosure flaw was found in Grafana. The database directory `/var/lib/grafana` and database file `/var/lib/grafana/grafana.db` are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12458.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12458.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-12458","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-12458"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12458","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21349","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21274","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21195","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21174","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21319","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21379","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21307","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21463","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21517","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.2127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.2141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21196","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21109","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21042","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21145","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21169","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21302","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21327","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12458"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827765"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/102448040d5132460e3b0013e03ebedec0677e00"},{"reference_url":"https://github.com/grafana/grafana/issues/8283","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/issues/8283"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12458","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12458"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200518-0001","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200518-0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-12458","GHSA-3jq7-8ph8-63xm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snvt-p8kr-2ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55252?format=json","vulnerability_id":"VCID-txvc-2hvr-nkaj","summary":"Grafana stored XSS\nGrafana through 6.7.1 allows stored XSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11110.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11110","reference_id":"","reference_type":"","scores":[{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98032","published_at":"2026-05-14T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98028","published_at":"2026-05-12T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98025","published_at":"2026-05-11T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98023","published_at":"2026-05-07T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98026","published_at":"2026-05-09T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98019","published_at":"2026-04-29T12:55:00Z"},{"value":"0.54022","scoring_system":"epss","scoring_elements":"0.98016","published_at":"2026-04-26T12:55:00Z"},{"value":"0.6164","scoring_system":"epss","scoring_elements":"0.98333","published_at":"2026-04-13T12:55:00Z"},{"value":"0.6164","scoring_system":"epss","scoring_elements":"0.98332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.6164","scoring_system":"epss","scoring_elements":"0.98329","published_at":"2026-04-09T12:55:00Z"},{"value":"0.6164","scoring_system":"epss","scoring_elements":"0.98324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.71419","scoring_system":"epss","scoring_elements":"0.98711","published_at":"2026-04-01T12:55:00Z"},{"value":"0.71419","scoring_system":"epss","scoring_elements":"0.98715","published_at":"2026-04-04T12:55:00Z"},{"value":"0.71419","scoring_system":"epss","scoring_elements":"0.98712","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md"},{"reference_url":"https://github.com/grafana/grafana/commit/fb114a75241aaef4c08581b42509c750738b768a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/fb114a75241aaef4c08581b42509c750738b768a"},{"reference_url":"https://github.com/grafana/grafana/pull/23254","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/23254"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11110","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11110"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200810-0002","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200810-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861044","reference_id":"1861044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2020-11110","GHSA-xr3x-62qw-vc4w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txvc-2hvr-nkaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14103?format=json","vulnerability_id":"VCID-w8d1-se9j-e7ew","summary":"Grafana Arbitrary File Read\nGrafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19499.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19499","reference_id":"","reference_type":"","scores":[{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97572","published_at":"2026-05-14T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-04-01T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97514","published_at":"2026-04-02T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97517","published_at":"2026-04-04T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97524","published_at":"2026-04-08T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97525","published_at":"2026-04-09T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97531","published_at":"2026-04-13T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97539","published_at":"2026-04-16T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97544","published_at":"2026-04-29T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97551","published_at":"2026-05-05T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97554","published_at":"2026-05-07T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97557","published_at":"2026-05-09T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97559","published_at":"2026-05-11T12:55:00Z"},{"value":"0.4386","scoring_system":"epss","scoring_elements":"0.97565","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19499"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md#644-2019-11-06","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/blob/master/CHANGELOG.md#644-2019-11-06"},{"reference_url":"https://github.com/grafana/grafana/commit/19dbd27c5caa1a160bd5854b65a4e1fe2a8a4f00","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/19dbd27c5caa1a160bd5854b65a4e1fe2a8a4f00"},{"reference_url":"https://github.com/grafana/grafana/pull/20192","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/20192"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19499"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200918-0003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200918-0003"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873615","reference_id":"1873615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2019-19499","GHSA-4pwp-cx67-5cpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8d1-se9j-e7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54511?format=json","vulnerability_id":"VCID-y46u-m8e4-9qcn","summary":"Grafana XSS via a column style\nGrafana has a XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18624.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18624","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68503","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68478","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68512","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68475","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68407","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68369","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68402","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68304","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6832","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68343","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68324","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grafana/grafana","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana"},{"reference_url":"https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e"},{"reference_url":"https://github.com/grafana/grafana/pull/11813","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/11813"},{"reference_url":"https://github.com/grafana/grafana/pull/23816","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grafana/grafana/pull/23816"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18624","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18624"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200608-0008","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200608-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850572","reference_id":"1850572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4682","reference_id":"RHSA-2020:4682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4682"}],"fixed_packages":[],"aliases":["CVE-2018-18624","GHSA-9hv8-4frf-cprf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y46u-m8e4-9qcn"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@6.7.4-3%3Farch=el8"}