OESA-2022-1599 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...

CVE-2022-26500

creationtimestamp| type| source ---|---|--- 2022-03-14 13:38:49+00:00| seen| https://t.me/ptswarm/115 2022-03-15 17:19:30+00:00| seen| https://t.me/cKure/9039 2022-03-16 14:51:00+00:00| exploited| https://t.me/itsecnews/315 2022-03-17 23:21:50+00:00| seen| https://t.me/cibsecurity/39170 2023-06-1...

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

UBUNTU-CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702

Grafana CVE-2022-21702 is an XSS vulnerability in the data source proxy and plugin proxy paths. Affected: Grafana HTTP-based datasources configured with Server as Access Mode and a URL, and HTTP-based app plugins configured with a URL (versions up to 8.3.4; back-end plugin resources also mentione...

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

Information Disclosure

github.com/grafana/grafana is vulnerable to information disclosure. When the forward auth identity is enabled, the library sends the OAuth identity of the most recently logged-in user when sending a query to the data source, allowing an attacker to retrieve sensitive data from the most recently...

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...

Grafana Information Disclosure Vulnerability (CNVD-2022-06890)

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...

Grafana OAuth Identity Token Vulnerability (GHSA-8wjh-59cw-9xh4)

Grafana is prone to a vulnerability in the OAuth identity token. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2022-21673

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

UBUNTU-CVE-2022-21673

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

CVE-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...

Forward OAuth Identity Token can allow users to access some data sources

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...