Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-1410
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker nee...
Grafana Grafana
6.1
CVSSv3
CVE-2020-24303
Grafana prior to 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Grafana Grafana
7.5
CVSSv3
CVE-2019-15043
In Grafana 2.x up to and including 6.x prior to 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
Grafana Grafana
1 Github repository
6.5
CVSSv3
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to g...
Grafana Grafana
6.5
CVSSv3
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
7.5
CVSSv3
CVE-2021-28148
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to ...
Grafana Grafana
3.8
CVSSv3
CVE-2022-36062
Grafana is an open-source platform for monitoring and observability. In versions before 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerabilit...
Grafana Grafana
4.3
CVSSv3
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured...
Grafana Grafana
6.1
CVSSv3
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The us...
Grafana Grafana
1 Github repository
9.8
CVSSv3
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
Grafana Grafana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »