VYPR

apk package

chainguard/grafana-fips-12.4

pkg:apk/chainguard/grafana-fips-12.4

Vulnerabilities (93)

  • CVE-2022-35957 (Sep 20, 2022)
    affected < 0, fixed 0

    Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana

  • CVE-2022-31107 (Jul 15, 2022)
    affected < 0, fixed 0

    Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove

  • CVE-2022-31097 (Jul 15, 2022)
    affected < 0, fixed 0

    Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability

  • CVE-2020-24303 (Oct 28, 2020)
    affected < 0, fixed 0

    Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

  • CVE-2019-19499 (Aug 28, 2020)
    affected < 0, fixed 0

    Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.

  • CVE-2020-8912 (Aug 11, 2020)
    affected < 0, fixed 0

    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-

  • CVE-2020-8911 (Aug 11, 2020)
    affected < 0, fixed 0

    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket a

  • CVE-2020-11110 (Jul 27, 2020)
    affected < 0, fixed 0

    Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

  • CVE-2018-18624 (Jun 2, 2020)
    affected < 0, fixed 0

    Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

  • CVE-2020-13430 (May 24, 2020)
    affected < 0, fixed 0

    Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.

  • CVE-2020-12458 (Apr 29, 2020)
    affected < 0, fixed 0

    An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

  • CVE-2020-12459 (Apr 29, 2020)
    affected < 0, fixed 0

    In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.

  • CVE-2020-12245 (Apr 24, 2020)
    affected < 0, fixed 0

    Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
