15 matches found
GO-2026-5355 Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName in github.com/grafana/grafana-operator...
BIT-GRAFANA-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
CVE-2026-0713
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2015-9124
Malware in sbrugna...
Inside Wallarm Security Edge: Instant Protection at the API Edge
APIs are now the beating heart of digital infrastructure. But as they have risen in importance, they’ve also become prime targets for attackers. Complex, often poorly understood API behaviors present rich opportunities for exploitation, and too often, security teams are left scrambling to protect...
Security Bulletin: IBM Security Verify Information Queue displays the Grafana signing key when setting up the logs stack (CVE-2021-20412)
Summary IBM Security Verify Information Queue ISIQ offers an optional logs stack to demonstrate logging and monitoring. Among the stack's components is a Grafana dashboard. The initialization file for Grafana contains a hard-coded signing key. As of ISIQ v10.0.0, this signing key has been removed...
Virtuozzo Hybrid Infrastructure 6.0 (6.0.0-243)
In this release, Virtuozzo Hybrid Infrastructure provides an upgrade of the Linux distribution, kernel, and toolset packages. This release also contains a range of new features that cover storage performance, object storage, as well as monitoring and alerts. Additionally, this release delivers...
[SECURITY] Fedora 35 Update: grafana-7.5.15-2.fc35
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Virtuozzo Hybrid Infrastructure 5.4 Update 1 (5.4.1-59)
This update provides new features, as well as stability fixes for the compute and core storage services. Vulnerability id: VSTOR-62742 A VM creation fails with the error 'Unable to update the attachment.' Vulnerability id: VSTOR-65824 Some charts in the admin panel or Grafana dashboard may be...
openSUSE Security Update : ceph (openSUSE-2020-2057)
This update for ceph fixes the following issues : - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:2057-1 Rating: moderate References: 1151612 1158257 1169134 1170487 1174591 1175061 1175240 1175781 1177843 Cross-References: CVE-2020-25660 Affected Products: openSUSE Leap 15.1 An update that solves one...
OPENSUSE-SU-2020:2057-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue whe...
SUSE-SU-2020:3459-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue whe...
GitLab: Stored XSS for Grafana dashboard URL
Hi GitLab Security Team Summary I found a stored XSS vulnerability in the admins page. The administrator can set up a Grafana dashboard. Here, the administrator can either enter a relative URL or an absolute address. However, when adding an absolute URL, the protocol is not checked allowing to ad...