448 matches found
Grafana Privilege Escalation Vulnerability (GHSA-ff5c-938w-8c9q)
Grafana is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Privilege Escalation
github.com/grafana/grafana is vulnerable to privilege escalation. A remote admin is able to take over the server admin account and gain full control of the particular grafana instance when auth proxy is used, via calling a fake datasource publicly through this proxying feature...
Information Disclosure
grafana is vulnerable to information disclosure.The vulnerability exits in grafana backend plugin which allows a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2022-31176 Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Sql injection
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...
CVE-2022-35942
The CVE-2022-35942 issue affects loopback-connector-postgresql (LoopBack) where improper input validation of the contains filter allows SQL injection when interpreted by the PostgreSQL connector. A patch was released in loopback-connector-postgresql v5.5.1 to fix this. Impacts include cases where...
CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...
GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...
loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...
PT-2022-23048 · Loopback +1 · Loopback +1
Name of the Vulnerable Software and Affected Versions: LoopBack versions prior to 5.5.1 Description: Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34114 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34114 Source advisory: OSV:GHSA-HMVW-66JM-H9FH...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34115 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34115 Source advisory: OSV:GHSA-VJMR-6PMM-RPRF...
Malicious code in upwork-atlas-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6817 Malicious code in upwork-atlas-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef31b105d745aff3f04709c1ee435b5930984fc9925c235afc43c747d1e15c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2764 Malicious code in epam-timebase-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e389d1581bb6ede792d133845ef606c250129ff5917376a70ae4396c6cc51d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in epam-timebase-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e389d1581bb6ede792d133845ef606c250129ff5917376a70ae4396c6cc51d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in paytm-kapacitor-simplejson-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84649341022644835524ed653b8d6c2d04fe565ff315c3fe006b339bce8144da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Grafana XSS via the OpenTSDB datasource
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...