Vulmon
grafana vulnerabilities and exploits
NA
CVE-2023-5123
The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote end...
NA
CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured t...
4.3
CVSSv2
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to ...
Redhat Tectonic
NA
CVE-2023-31634
In TeslaMate prior to 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the defa...
2.1
CVSSv2
CVE-2020-25678
A flaw was found in ceph in versions before 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-10092
GitLab 12.1 up to and including 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
Gitlab Gitlab
NA
CVE-2022-38370
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue.
Apache Iotdb 0.13.0
NA
CVE-2023-24831
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 up to and including 0.13.3. Attackers could log in without authorization. This is fixed in 0.13.4.
Apache Iotdb
6
CVSSv2
CVE-2022-29171
Sourcegraph is a fast and featureful code search and navigation engine. Versions prior to 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, wh...
Sourcegraph Sourcegraph
4
CVSSv2
CVE-2020-10791
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT prior to 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
It-novum Openitcockpit