Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions before 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana i...
Grafana Grafana
Fedoraproject Fedora 37
NA
CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove...
Grafana Grafana
Netapp E-series Performance Analyzer -
NA
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions before 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsig...
Grafana Grafana
Netapp E-series Performance Analyzer -
446
VMScore
CVE-2021-27358
The snapshot feature in Grafana 6.7.3 up to and including 7.4.1 can allow an unauthenticated remote malicious users to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
Grafana Grafana
Netapp E-series Performance Analyzer -
NA
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch before 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to...
Grafana Grafana
Netapp E-series Performance Analyzer -
312
VMScore
CVE-2020-11110
Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an malicious user to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
Grafana Grafana
Netapp E-series Performance Analyzer -
187
VMScore
CVE-2020-12459
In certain Red Hat packages for Grafana 6.x up to and including 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Grafana Grafana
Fedoraproject Fedora 31
Fedoraproject Fedora 32
606
VMScore
CVE-2021-39226
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "p...
Grafana Grafana
Fedoraproject Fedora 34
Fedoraproject Fedora 35
312
VMScore
CVE-2022-21673
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the...
Grafana Grafana
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
383
VMScore
CVE-2018-12099
Grafana prior to 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Grafana Grafana
Netapp Storagegrid Webscale Nas Bridge -
Netapp Active Iq Performance Analytics Services -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »