CVE-2019-7004

creationtimestamp| type| source ---|---|--- 2024-03-10 15:16:12+00:00| seen| https://t.me/ctinow/204281...

SUSE CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

Improper Authorization

github.com/grafana/grafana/ is vulnerable to Improper Authorization. The vulnerability is due to the API allowing the creation of a data source with a universal identifier UID, granting unintended access to all organization data sources...

CVE-2024-23264

creationtimestamp| type| source ---|---|--- 2024-03-08 03:26:28+00:00| seen| https://t.me/ctinow/202987 2024-03-08 03:32:03+00:00| seen| https://t.me/ctinow/203007...

CVE-2024-1442

A flaw was found in Grafana, where setting the Grafana API Data Source UID to '' Grants Unrestricted Access, grants a user the ability to set the UID to '' via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources...

CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

UBUNTU-CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

Information disclosure

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

CVE-2024-1442

CVE-2024-1442 affects Grafana. A user with permission to create a data source can abuse the Grafana API to create a data source with UID set to *, granting the attacker read, query, edit, and delete rights across all data sources in the organization. This is a privilege escalation/compromise of d...

CVE-2024-1442 User with permissions to create a data source can CRUD all data sources

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

User with permissions to create a data source can CRUD all data sources

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization. Impacted Versions: 8.5.0 9.5.7 10.0.0 10.0.12 10.1.0 10.1.8 10.2.0 10.2...

The vulnerability of the MeshCentral device remote management system, related to deficiencies in the data source verification mechanism, allows a hacker to execute arbitrary code.

The vulnerability of the MeshCentral device management system is related to deficiencies in the mechanism for verifying the source of data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2023-50740

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

Design/Logic Flaw

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

CVE-2023-50740

CVE-2023-50740 affects Apache Linkis

BIT-REDASH-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery SSRF via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding...

BIT-GRAFANA-2021-27962

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access...

BIT-GRAFANA-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

BIT-GRAFANA-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...