Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-13429
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin prior to 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Grafana Piechart-panel
5.4
CVSSv3
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
5.4
CVSSv3
CVE-2019-13068
public/app/features/panel/panel_ctrl.ts in Grafana prior to 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Grafana Grafana
5.4
CVSSv3
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the ...
Grafana Grafana 5.3.0
Grafana Grafana 5.2.4
5.3
CVSSv3
CVE-2023-2801
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the mo...
Grafana Grafana
5.3
CVSSv3
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
5.3
CVSSv3
CVE-2022-39307
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not fo...
Grafana Grafana
5.3
CVSSv3
CVE-2022-2531
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 prior to 15.0.5, all versions starting from 15.1 prior to 15.1.4, all versions starting from 15.2 prior to 15.2.1. GitLab was not performing correct authentication on Grafana API under specific co...
Gitlab Gitlab
Gitlab Gitlab 15.2
5.3
CVSSv3
CVE-2021-36156
An issue exists in Grafana Loki up to and including 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules...
Grafana Loki
5.3
CVSSv3
CVE-2021-36157
An issue exists in Grafana Cortex up to and including 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a r...
Linuxfoundation Cortex
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »