1041 matches found

BDU FSTEC
added 2024/04/04 12:0 a.m. · 2 views

The vulnerability of the Grafana monitoring and observation platform lies in the redirection of the URL address to an unreliable website, allowing a hacker to redirect users to any desired website.

The vulnerability of the Grafana monitoring and observation platform relates to bypassing security configurations, if a malicious data source operates on a permitted host. Exploiting this vulnerability could allow a remote attacker to redirect users to an arbitrary website...

CVSS 8.5 · AI score 7.9 · EPSS 0.01116
Exploits 0 · References 6 · Affected Software 2
OSV
added 2024/04/03 2:15 p.m. · 1 views

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...

CVSS 4.9 · AI score 5.8 · EPSS 0.00901
Exploits 1 · References 2
NVD
added 2024/04/03 2:15 p.m. · 21 views

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...

CVSS 4.9 · AI score 5 · EPSS 0.00901
Exploits 1 · References 2
Cvelist
added 2024/04/03 1:55 p.m. · 33 views

CVE-2024-24976

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...

CVSS 4.9 · AI score 5.3 · EPSS 0.00901
Exploits 1 · References 1
Positive Technologies
added 2024/04/03 12:0 a.m. · 5 views

PT-2024-20684 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 19.00.0057 Description: A denial of service issue exists in the OAS Engine File Data Source Configuration functionality. It can be triggered by a specially crafted series of network requests,...

CVSS 4.9 · AI score 7 · EPSS 0.00901
Exploits 1 · References 2
Talos
added 2024/04/03 12:0 a.m. · 42 views

Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...

CVSS 4.9 · AI score 5.7 · EPSS 0.00901
Exploits 1
Talos
added 2024/04/03 12:0 a.m. · 39 views

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

CVSS 4.9 · AI score 5.5 · EPSS 0.00662
Exploits 1
OSV
added 2024/03/28 5:12 p.m. · 29 views

GO-2024-2661 Arbitrary file read in github.com/grafana/grafana

An authenticated attacker that has privileges to modify the data source configurations can read arbitrary files...

CVSS 6.5 · AI score 6.4 · EPSS 0.03591
Exploits 1 · References 4
BDU FSTEC
added 2024/03/22 12:0 a.m. · 2 views

The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series arises from the use of an unreliable data source, allowing an intruder to execute arbitrary code.

The vulnerability of the microprogramming software for UniLogic Studio series UniStream is related to the use of an unreliable data source. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 9 · AI score 5.9 · EPSS 0.00355
Exploits 0 · References 4 · Affected Software 1
Circl
added 2024/03/17 12:11 p.m. · 2 views

CVE-2019-19398

creationtimestamp | type | source
---|---|---
2024-03-17 12:11:21+00:00 | seen | https://t.me/ctinow/209880...

CVSS 9.8 · AI score 8.7 · EPSS 0.01431
Exploits 0 · References 1
Circl
added 2024/03/15 2:26 p.m. · 9 views

CVE-2024-2495

creationtimestamp | type | source
---|---|---
2024-03-15 14:26:42+00:00 | seen | https://t.me/ctinow/208797
2025-08-12 13:33:28+00:00 | seen | MISP/02fb130c-7874-4693-9b66-81ed91a2e996
2025-08-21 03:19:29+00:00 | seen | MISP/02fb130c-7874-4693-9b66-81ed91a2e996...

CVSS 5.2 · AI score 4.8 · EPSS 0.00177
Exploits 0 · References 1
Tenable Nessus
added 2024/03/13 12:0 a.m. · 84 views

Grafana Labs 10.0.x < 10.0.12 / 10.1.x < 10.1.8 / 10.2.x < 10.2.5 / 10.3.x < 10.3.4 / 8.5.x < 9.5.7 (CVE-2024-1442)

The version of Grafana Labs installed on the remote host is prior to 10.0.12, 10.1.8, 10.2.5, 10.3.4, or 9.5.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1442 advisory. - A user with the permissions to create a data source can use Grafana API to create a data...

CVSS 8.8 · AI score 7.1 · EPSS 0.00802
Exploits 0 · References 2
OSV
added 2024/03/12 8:24 a.m. · 22 views

BIT-GRAFANA-2024-1442 User with permissions to create a data source can CRUD all data sources

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

CVSS 8.8 · AI score 6.8 · EPSS 0.00802
Exploits 0 · References 3
CNVD
added 2024/03/12 12:0 a.m. · 4 views

Apache Linkis Log Information Disclosure Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.4.0 and earlier versions have a log information disclosure vulnerability, the vulnerability stems...

CVSS 5.3 · AI score 6.1 · EPSS 0.00901
Exploits 0 · References 1
Circl
added 2024/03/10 3:16 p.m. · 3 views

CVE-2019-7004

creationtimestamp | type | source
---|---|---
2024-03-10 15:16:12+00:00 | seen | https://t.me/ctinow/204281...

CVSS 6.4 · AI score 5.8 · EPSS 0.02183
Exploits 5 · References 1
SUSE CVE
added 2024/03/09 3:55 a.m. · 1 views

SUSE CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

CVSS 8.8 · AI score 9.2 · EPSS 0.00802
Exploits 0 · References 3
Veracode
added 2024/03/08 7:1 a.m. · 18 views

Improper Authorization

github.com/grafana/grafana/ is vulnerable to Improper Authorization. The vulnerability is due to the API allowing the creation of a data source with a universal identifier UID, granting unintended access to all organization data sources...

CVSS 8.8 · AI score 6.7 · EPSS 0.00802
Exploits 0 · References 3 · Affected Software 1
Circl
added 2024/03/08 3:26 a.m. · 3 views

CVE-2024-23264

creationtimestamp | type | source
---|---|---
2024-03-08 03:26:28+00:00 | seen | https://t.me/ctinow/202987
2024-03-08 03:32:03+00:00 | seen | https://t.me/ctinow/203007...

CVSS 5.5 · AI score 5.9 · EPSS 0.00804
Exploits 0 · References 2
RedhatCVE
added 2024/03/07 7:38 p.m. · 91 views

CVE-2024-1442

A flaw was found in Grafana, where setting the Grafana API Data Source UID to '' Grants Unrestricted Access, grants a user the ability to set the UID to '' via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources...

CVSS 6 · AI score 5.9 · EPSS 0.00802
Exploits 0 · References 4
OSV
added 2024/03/07 6:15 p.m. · 5 views

CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

CVSS 8.8 · AI score 8.5 · EPSS 0.00802
Exploits 0 · References 2