15 matches found
GO-2026-5095 Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana
Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
ALSA-2026:19134 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...
CVE-2026-0713
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2026-0713
The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...
EUVD-2018-20693
Malware in sbrugna...
UBUNTU-CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
Virtuozzo Hybrid Infrastructure 6.3 Hotfix 1 (6.3.0-177)
This update provides stability and performance improvements. Vulnerability id: VSTOR-91833 A performance improvement. Vulnerability id: VSTOR-94382 Increased the number of Grafana dashboards that can be added to the Dashboard Directory. Vulnerability id: VSTOR-94508 In the admin panel, LUNs are n...
Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)
In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...
GO-2022-1148 Resource exhaustion in github.com/libp2p/go-libp2p
go-libp2p is vulnerable to targeted resource exhaustion attacks. These attacks target libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory ultimately leading to the process getting killed by the host's operating system. While a...
SUSE-SU-2021:2114-1 Security update for SUSE Manager Server 4.0
This update fixes the following issues: cobbler: - Make 'fenceipmitool' a wrapper for 'fenceipmilan' using always lanplus bsc1184361 - Remove unused template for fenceipmitool. - Prevent some race conditions when writing tftpboot files and the destination directory is not existing bsc1186124 - Fi...
SUSE-SU-2020:3235-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: bind-formula: - Temporarily disable dnssec-validation as hotfix for bsc1177790 grafana-formula: - Use variable for product name - Add HA/SAP dashboards - Add support for system groups in Client Systems dashboard image-sync-formula: - Do not use .gz suffix f...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:2049-1)
This update for ceph fixes the following issues : Security issues fixed : CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: install grafana dashboards world readable...
SUSE-SU-2019:2049-1 Security update for ceph
This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: - install grafana dashboards world...