Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-39229
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions before 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and emai...
Grafana Grafana
8.1
CVSSv3
CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions before 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the org...
Grafana Grafana
5.3
CVSSv3
CVE-2022-39307
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not fo...
Grafana Grafana
3.5
CVSSv3
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the sna...
Grafana Grafana
5.4
CVSSv3
CVE-2022-23552
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files ...
Grafana Grafana
7.2
CVSSv3
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Or...
Grafana Grafana
6.1
CVSSv3
CVE-2020-24303
Grafana prior to 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Grafana Grafana
7.1
CVSSv3
CVE-2021-27962
Grafana Enterprise 7.2.x and 7.3.x prior to 7.3.10 and 7.4.x prior to 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
Grafana Grafana
6.5
CVSSv3
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
7.5
CVSSv3
CVE-2021-28148
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to ...
Grafana Grafana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »