CVE-2020-11110 vulnerabilities and exploits

(subscribe to this query)

3.5

CVSSv2

Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an malicious user to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Grafana Grafana Netapp E-series Performance Analyzer -

4.3

CVSSv2

Grafana prior to 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.

Grafana Grafana

4.3

CVSSv2

Grafana prior to 7.0.0 allows tag value XSS via the OpenTSDB datasource.

Grafana Grafana

2.1

CVSSv2

An information-disclosure flaw was found in Grafana up to and including 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource p...

Grafana Grafana Redhat Ceph Storage 3.0 Redhat Enterprise Linux 8.0 Redhat Ceph Storage 4.0 Fedoraproject Fedora 31 Fedoraproject Fedora 32

6.4

CVSSv2

The avatar feature in Grafana 3.0.1 up to and including 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain inf...

Grafana Grafana Fedoraproject Fedora 31 Fedoraproject Fedora 32 Netapp E-series Performance Analyzer -Opensuse Leap 15.2 Opensuse Backports Sle 15.0

7 Github repositories

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook