Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-43798
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 up to and including 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/p...
Grafana Grafana 8.0.0
Grafana Grafana
Grafana Grafana 8.3.0
53 Github repositories
8.8
CVSSv3
CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s se...
Grafana Grafana
Grafana Grafana 8.3.0
7.5
CVSSv3
CVE-2022-39201
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints un...
Grafana Grafana 5.0.0
Grafana Grafana
9.8
CVSSv3
CVE-2022-28660
The querier component in Grafana Enterprise Logs 1.1.x up to and including 1.3.x prior to 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
Grafana Grafana
Grafana Grafana 1.3.0
5.4
CVSSv3
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the ...
Grafana Grafana 5.2.4
Grafana Grafana 5.3.0
6.5
CVSSv3
CVE-2019-19499
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Grafana Grafana
7.2
CVSSv3
CVE-2021-41244
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana...
Grafana Grafana
4.3
CVSSv3
CVE-2021-43813
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi...
Grafana Grafana
4.3
CVSSv3
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured...
Grafana Grafana
5.3
CVSSv3
CVE-2023-2801
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the mo...
Grafana Grafana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »