Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31130
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints before 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints ...
Grafana Grafana
383
VMScore
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The us...
Grafana Grafana
1 Github repository
NA
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration ...
Grafana Grafana
445
VMScore
CVE-2019-15043
In Grafana 2.x up to and including 6.x prior to 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
Grafana Grafana
1 Github repository
356
VMScore
CVE-2021-43813
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi...
Grafana Grafana
383
VMScore
CVE-2020-13430
Grafana prior to 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Grafana Grafana
436
VMScore
CVE-2021-27962
Grafana Enterprise 7.2.x and 7.3.x prior to 7.3.10 and 7.4.x prior to 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
Grafana Grafana
356
VMScore
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to g...
Grafana Grafana
312
VMScore
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
NA
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
Grafana Grafana
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »