377 matches found
CVE-2024-37603
creationtimestamp| type| source ---|---|--- 2025-01-17 13:35:06+00:00| seen| https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672 2025-01-20 18:30:05+00:00| seen| https://t.me/truesecator/6638 2025-02-13 23:15:53+00:00| seen|...
CVE-2024-12087
creationtimestamp| type| source ---|---|--- 2025-01-14 17:17:49+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113827844477308185 2025-01-14 18:00:52+00:00| seen| https://infosec.exchange/users/cve/statuses/113828013801323601 2025-01-14 18:09:02+00:00| seen|...
CVE-2025-0142
creationtimestamp| type| source ---|---|--- 2025-01-14 11:28:39+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3lfp5igdsmy2m 2025-01-22 17:54:36+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113873287621870613 2025-01-30 19:43:38+00:00| seen|...
CVE-2025-0405
creationtimestamp| type| source ---|---|--- 2025-01-13 00:35:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113818242852918178 2025-01-13 01:08:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1345 2025-01-13 01:15:24+00:00| seen|...
CVE-2024-56413
creationtimestamp| type| source ---|---|--- 2025-01-02 16:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lerhwpylog22 2025-01-02 16:52:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lerjxlweg32k 2025-01-02 17:36:30+00:00| seen|...
CVE-2024-12983
creationtimestamp| type| source ---|---|--- 2024-12-27 06:35:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113723398348853240 2024-12-27 07:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lebgx6rkf522 2024-12-27 09:18:00+00:00| seen|...
libuser bug fix and enhancement update
An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...
BIT-GRAFANA-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
GO-2024-3079 Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GHSA-HH8P-374F-QGR5 Grafana plugin data sources vulnerable to access control bypass
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
Grafana plugin data sources vulnerable to access control bypass
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
UBUNTU-CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-6322
CVE-2024-6322 is documented as a Grafana-related issue where access control for plugin data sources protected by the ReqActions field in plugin.json can be bypassed if a user or service account has query access to any other data source. The root cause is that the ReqActions check is not scoped to...
PT-2024-37543 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Grafana versions 11.1.0 through 11.1.1 Grafana versions 11.1.2 through 11.1.3 Description: Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted...
Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All
Security researcher Bill Demirkapi found more than 15,000 hardcoded secrets and 66,000 vulnerable websites—all by searching overlooked data sources...
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency CISA conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch FCEB organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of...
How to Install Grafana with K10 Dashboard and Data Sources Pre-provisioned
Purpose Starting in Veeam Kasten for Kubernetes v7.5.0, Grafana will no longer be included by default. This in-depth technical guide will demonstrate the process of installing Grafana on Kubernetes and populating it with Kasten Data. It will allow you to quickly access pre-provisioned Kasten...