Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
570
VMScore
CVE-2021-27437
The affected product allows malicious users to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/...
187
VMScore
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics prior to 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a...
Grafana Enterprise Metrics
312
VMScore
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
445
VMScore
CVE-2021-28148
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to ...
Grafana Grafana
356
VMScore
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to g...
Grafana Grafana
436
VMScore
CVE-2021-27962
Grafana Enterprise 7.2.x and 7.3.x prior to 7.3.10 and 7.4.x prior to 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
Grafana Grafana
446
VMScore
CVE-2021-27358
The snapshot feature in Grafana 6.7.3 up to and including 7.4.1 can allow an unauthenticated remote malicious users to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
Grafana Grafana
Netapp E-series Performance Analyzer -
187
VMScore
CVE-2020-25678
A flaw was found in ceph in versions before 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Redhat Ceph Storage 4.0
Redhat Ceph
Fedoraproject Fedora 33
890
VMScore
CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an malicious user to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Grafana Grafana
Saml Project Saml
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Openshift Service Mesh 2.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »