374 matches found
CVE-2023-2801
A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...
FreeBSD : Grafana -- Grafana DS proxy race condition (652064ef-056f-11ee-8e16-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 652064ef-056f-11ee-8e16-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Using public dashboards users ca...
Grafana Missing Synchronization vulnerability
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...
CVE-2023-2801
Grafana (CVE-2023-2801) is affected by a vulnerability allowing a crash via mixed data-source queries in public dashboards or when calling the query API directly. The issue is tied to Grafana’s handling of mixed queries and could impact availability of the Grafana instance. Fixed versions per the...
Grafana ds proxy race condition
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...
CVE-2023-2868
creationtimestamp | type | source
---|---|---
2023-05-24 22:27:13+00:00 | seen | https://t.me/cibsecurity/64708
2023-05-25 09:47:41+00:00 | exploited | https://t.me/CyberSecurityIL/23670
2023-05-25 12:46:11+00:00 | exploited | https://t.me/ctinow/114122
2023-05-25 14:40:48+00:00 | exploited | ...
SAP BusinessObjects Business Intelligence Platform Information Disclosure (3038911)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by an information disclosure vulnerability. Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an...
CVE-2023-31404
Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...
Design/Logic Flaw
Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...
CVE-2023-31404 Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)
Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...
Information Disclosure
github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of authjwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests...
SUSE CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
Authentication flaw
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
UBUNTU-CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
JWT URL-login flow leaks token to data sources through request parameter in proxy requests
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the “urllogin” configuration option disabled by default, a...
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor. Hello everyone! This episode will focus on the news from my open source Vulristics project for vulnerability analysis and prioritization. Alternative video link for Russia: https://vk.com/video-149273431456239122 EPSS v3 The third...