Grafana
by Grafana
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-21673 | | | 0.00 | — | 0.02 | | Jan 18, 2022 | Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of… |
| CVE-2021-43815 | | | 0.00 | — | 0.02 | | Dec 10, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and… |
| CVE-2021-41244 | | | 0.00 | — | 0.03 | | Nov 15, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations.… |
| CVE-2021-41174 | | | 0.00 | — | 0.85 | | Nov 3, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user… |
| CVE-2020-12052 | | | 0.00 | — | 0.01 | | Apr 27, 2020 | Grafana version < 6.7.3 is vulnerable for annotation popup XSS. |
| CVE-2019-15635 | | | 0.00 | — | 0.02 | | Sep 23, 2019 | An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction… |