38 matches found
EUVD-2024-48948
Malicious code in bioql PyPI...
BIT-GRAFANA-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...
Grafana Labs Incorrect Permission (cve-2024-8118)
The version of Grafana Labs installed on the remote host is prior to 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. It is, therefore, affected by a vulnerability as referenced in the cve-2024-8118 advisory. - In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing...
CVE-2024-8118
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
UBUNTU-CVE-2024-8118
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
CVE-2024-8118
Grafana vulnerability CVE-2024-8118: The alert rule write API endpoint uses incorrect permissions, allowing users who can write external alert instances to also write alert rules. This is the same issue described in BIT-GRAFANA-2024-8118 and OSV entries, which confirm the description but do not p...
CVE-2024-8118
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
Grafana 安全漏洞
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from a security vulnerability that stems from incorrect...
Grafana alerting wrong permission on datasource rule write endpoint
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. This vulnerability first appeared in Grafana v8.5.0, and is fixed in v11.2.1, v11.1.6, v11.0.5, v10.4.9, and v10.3.10...
PT-2024-6552 · Grafana +3 · Grafana +3
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue is related to the wrong permission being applied to the alert rule write API endpoint in Grafana. This allows users with permission to write external alert instances to also write...
CVE-2022-23709
A flaw was found in Kibana. This issue allows users with read access to the Uptime feature to modify alerting rules, allowing them to create new or overwrite existing ones. However, any rules created this way are not enabled by default and allow the user to disable an existing, enabled alert rule...
Cross-site Scripting (XSS) - Stored
Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...
LibreNMS Cross-Site Scripting Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A cross-site scripting vulnerability exists in the Create User Inventory Add Device Notifications Alert Rule...
Threat Outbreak Alert RuleID28668: Email Messages Distributing Malicious Software on April 7, 2017
Medium Alert ID: 53368 First Published: 2017 April 7 12:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28668 may contain the following files: Name | Siz...
Threat Outbreak Alert RuleID28352: Email Messages Distributing Malicious Software on March 23, 2017
Medium Alert ID: 53137 First Published: 2017 March 23 16:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28352 may contain the following files: Name | Si...
Threat Outbreak Alert RuleID28311: Email Messages Distributing Malicious Software on March 16, 2017
Medium Alert ID: 53046 First Published: 2017 March 16 13:17 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28311 may contain the following files: Name | Si...
Threat Outbreak Alert RuleID18893: Email Messages Distributing Malicious Software on November 2, 2015
Medium Alert ID: 41891 First Published: 2015 November 2 23:26 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18893KVR may contain the following files: Name...