VYPR

Grafana

by Grafana

Source repositories

CVEs (86)

  • CVE-2022-21673Jan 18, 2022
    risk 0.00cvss epss 0.02

    Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of…

  • CVE-2021-43815Dec 10, 2021
    risk 0.00cvss epss 0.02

    Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and…

  • CVE-2021-41244Nov 15, 2021
    risk 0.00cvss epss 0.03

    Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations.…

  • CVE-2021-41174Nov 3, 2021
    risk 0.00cvss epss 0.85

    Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user…

  • CVE-2020-12052Apr 27, 2020
    risk 0.00cvss epss 0.01

    Grafana version < 6.7.3 is vulnerable for annotation popup XSS.

  • CVE-2019-15635Sep 23, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction…

Page 5 of 5