Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-43815
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured...
Grafana Grafana
3.5
CVSSv2
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
3.5
CVSSv2
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
3.5
CVSSv2
CVE-2020-11110
Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an malicious user to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
Grafana Grafana
Netapp E-series Performance Analyzer -
3.5
CVSSv2
CVE-2020-13429
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin prior to 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Grafana Piechart-panel
3.5
CVSSv2
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
3.5
CVSSv2
CVE-2018-1000816
Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the ...
Grafana Grafana 5.2.4
Grafana Grafana 5.3.0
2.1
CVSSv2
CVE-2022-21702
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (X...
Grafana Grafana
Grafana Grafana 2.0.0
Netapp E-series Performance Analyzer
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
2.1
CVSSv2
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics prior to 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a...
Grafana Enterprise Metrics
2.1
CVSSv2
CVE-2020-25678
A flaw was found in ceph in versions before 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 33
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »