Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
6.6
CVSSv3
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions before 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana i...
Grafana Grafana
Fedoraproject Fedora 37
8.7
CVSSv3
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch before 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to...
Grafana Grafana
Netapp E-series Performance Analyzer -
5.4
CVSSv3
CVE-2020-11110
Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an malicious user to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
Grafana Grafana
Netapp E-series Performance Analyzer -
7.5
CVSSv3
CVE-2021-27358
The snapshot feature in Grafana 6.7.3 up to and including 7.4.1 can allow an unauthenticated remote malicious users to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
Grafana Grafana
Netapp E-series Performance Analyzer -
7.8
CVSSv3
CVE-2022-31123
Grafana is an open source observability and data visualization platform. Versions before 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsig...
Grafana Grafana
Netapp E-series Performance Analyzer -
7.5
CVSSv3
CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove...
Grafana Grafana
Netapp E-series Performance Analyzer -
5.5
CVSSv3
CVE-2020-12459
In certain Red Hat packages for Grafana 6.x up to and including 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Grafana Grafana
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.3
CVSSv3
CVE-2021-39226
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "p...
Grafana Grafana
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.3
CVSSv3
CVE-2022-21673
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the...
Grafana Grafana
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.1
CVSSv3
CVE-2018-12099
Grafana prior to 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Grafana Grafana
Netapp Storagegrid Webscale Nas Bridge -
Netapp Active Iq Performance Analytics Services -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »