14 matches found
GHSA-FW8G-CG8F-9J28 vulnerabilities
Vulnerabilities for packages: fluent-bit-plugin-loki, node-problem-detector, telegraf, mcp-grafana, opentelemetry-collector-contrib, mc, opentelemetry-operator, tempo, istio, cloud-sql-proxy, amazon-cloudwatch-agent-operator, minio-object-browser, loki, datadog-agent, karma, trillian,...
ROS-20260311-73-0010
A vulnerability in the application programming interface of the Grafana monitoring and surveillance platform involves insecure privilege management. Exploitation of the vulnerability could allow a remote attacker to escalate privileges and gain unauthorized access to protected information...
Cross-dashboard privilege escalation via permission management
Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...
EUVD-2023-2733
Malicious code in bioql PyPI...
EUVD-2022-29612
Malicious code in bioql PyPI...
EUVD-2023-57460
Malicious code in bioql PyPI...
EUVD-2023-54262
Malicious code in bioql PyPI...
EUVD-2023-1778
Malicious code in bioql PyPI...
EUVD-2023-1909
Malicious code in bioql PyPI...
EUVD-2024-1372
Malicious code in bioql PyPI...
A vulnerability in the interface of the Grafana monitoring and surveillance platform allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the interface of the Grafana monitoring and observation platform stems from a failure to preserve web page structure while processing the /swagger endpoint. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
CVE-2024-11741
A flaw was found in Grafana Alerting: the VictorOps integration is not properly protected and could be exposed to users with Viewer permission. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...
A vulnerability in the Grafana monitoring and observation platform, related to the disclosure of confidential information to unauthorized entities, allows attackers to expose protected information.
The vulnerability of the Grafana monitoring and observation platform relates to the redirection of the OAuth identifier of the user who enters the system last. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
A vulnerability in the Grafana monitoring and observation platform, related to deficiencies in access control lists (ACLs), allows attackers to circumvent existing access restrictions.
The vulnerability of the Grafana monitoring and observation platform relates to bypassing a list of restrictions by using punycode encoding in the request URL. Exploiting this vulnerability allows an attacker to circumvent existing access restrictions remotely...