Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-1410
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker nee...
Grafana Grafana
8.5
CVSSv3
CVE-2022-29170
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with ...
Grafana Grafana
3.8
CVSSv3
CVE-2022-36062
Grafana is an open-source platform for monitoring and observability. In versions before 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerabilit...
Grafana Grafana
6.4
CVSSv3
CVE-2023-2183
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does n...
Grafana Grafana
6.1
CVSSv3
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The us...
Grafana Grafana
1 Github repository
6.1
CVSSv3
CVE-2020-12245
Grafana prior to 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
Grafana Grafana
6.5
CVSSv3
CVE-2019-19499
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Grafana Grafana
3.5
CVSSv3
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the sna...
Grafana Grafana
8.1
CVSSv3
CVE-2022-39328
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. Thi...
Grafana Grafana
6.1
CVSSv3
CVE-2020-12052
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
Grafana Grafana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »