CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: High

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.012 Low
Percentile: 85.3%
A vulnerability in the column.title and cellLinkTooltip components of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges.

A vulnerability in the Grafana monitoring and surveillance platform is related to the forwarding of the OAuth identifier of the last logged-in user. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data.

A vulnerability in the Grafana monitoring and surveillance platform is related to attacks from multiple sources against authenticated Grafana users with high privileges. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges.

A vulnerability in the mapValues() function of the Async module for handling asynchronous JavaScript is related to improperly controlled modification of object prototype attributes. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges.

A vulnerability in the Grafana monitoring and surveillance platform is related to logging in to Grafana via a customized OAuth IdP identifier that supplies a login name, making it possible to take over the account of another user. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity.

A vulnerability in the Node.js follow-redirects module is related to cookie handling errors. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.

A vulnerability in the Grafana monitoring and surveillance platform is related to a security configuration bypass when a malicious data source is running on an authorized host. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary site.

A vulnerability in the JSON Schema JSON file validation and testing application is due to insufficient control over the modification of dynamically defined object properties when processing JSON files. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.

A vulnerability in the Grafana monitoring and surveillance platform is related to organization administrators being able to modify the permissions associated with the organization viewer, organization editor and organization administrator roles. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges.

A vulnerability in the Grafana monitoring and surveillance platform involves bypassing the block list by using punycode character encoding in the request address. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing access restrictions.

A vulnerability in the Grafana monitoring and surveillance platform is related to the delivery of HTML content through a Grafana data source or plugin proxy server, forcing a user to visit that HTML page via a specially crafted link. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks.

A vulnerability in the ansi-regex library for matching ANSI escape codes with regular expressions is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the WorldMap panel plugin of the Grafana monitoring and surveillance platform is related to improper input neutralization during web page generation. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks.

A vulnerability in the GeoMap plugin of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges.

A vulnerability in the Grafana monitoring and surveillance platform is related to the ability to look up a JWT in the auth_token URL request parameter and use it as an authentication token. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.

A vulnerability in the Google Sheets data source of the Grafana monitoring and surveillance platform is related to the failure to handle error messages properly, potentially exposing the Google Sheets API key. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data.

A vulnerability in the Grafana monitoring and surveillance platform involves selecting a spoofed function and hovering over its description. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks.

A vulnerability in the trim package is related to the use of regular expressions in trim() (ReDoS). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.