UBUNTU-CVE-2025-6023

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-6023

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6023.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-6023

Upstream

CVE-2025-6023

Published

2025-07-18T08:15:00Z

Modified

2025-07-24T05:04:25Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

References

Affected packages

Ubuntu:Pro:16.04:LTS / grafana

Package

Name: grafana
Purl: pkg:deb/ubuntu/grafana@2.6.0+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.0+dfsg-1