611 matches found

IBM Security Bulletins
added 2024/03/08 5:28 a.m., 35 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Postgresql JDBC

Summary: Vulnerabilities in Postgresql JDBC were remediated in IBM Observability with Instana build 267. Vulnerability Details: CVEID: CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limiting access to created readabl...

CVSS 5.5, AI score 5.4, EPSS 0.0048
Exploits 1, Affected Software 1
OSV
added 2024/03/06 10:59 a.m., 36 views

BIT-GRAFANA-2021-41244 Cross organization admin control in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions, when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, admins are able to access users from other organizations. Grafana 8.0 introduced a...

CVSS 9.1, AI score 8, EPSS 0.02834
Exploits 0, References 5
OSV
added 2024/03/06 10:58 a.m., 25 views

BIT-GRAFANA-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link, executing a Cross-site Scripting (XSS) attack. The...

CVSS 6.5, AI score 6.5, EPSS 0.02359
Exploits 1, References 8
OSV
added 2024/03/06 10:58 a.m., 19 views

BIT-GRAFANA-2022-21713 Exposure of Sensitive Information in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...

CVSS 4.3, AI score 6.2, EPSS 0.01185
Exploits 0, References 8
OSV
added 2024/03/06 10:57 a.m., 23 views

BIT-GRAFANA-2022-23498 When query caching is enabled in Grafana users can query another users session

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafana_session. As a result, any user that queries a datasource where the caching is enabled can acquire another user's session. To mitigate the...

CVSS 8.8, AI score 7.5, EPSS 0.01132
Exploits 1, References 3
OSV
added 2024/03/06 10:57 a.m., 25 views

BIT-GRAFANA-2022-23552 Grafana stored XSS in FileUploader component

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly...

CVSS 7.3, AI score 6.8, EPSS 0.00779
Exploits 0, References 7
OSV
added 2024/03/06 10:55 a.m., 30 views

BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...

CVSS 7.5, AI score 6.9, EPSS 0.01228
Exploits 0, References 5
OSV
added 2024/03/06 10:54 a.m., 24 views

BIT-GRAFANA-2022-39306 Grafana contains Improper Input Validation

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

CVSS 8.1, AI score 6.7, EPSS 0.0074
Exploits 0, References 3
OSV
added 2024/03/06 10:54 a.m., 27 views

BIT-GRAFANA-2022-39307 Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password

Grafana is an open-source platform for monitoring and observability. When using the forgot-password function on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a "user not found" message. This leaks...

CVSS 6.7, AI score 6.4, EPSS 0.00696
Exploits 0, References 3
OSV
added 2024/03/06 10:54 a.m., 25 views

BIT-GRAFANA-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

CVSS 6.7, AI score 5.2, EPSS 0.00828
Exploits 0, References 7
OSV
added 2024/03/06 10:54 a.m., 22 views

BIT-GRAFANA-2022-39328 Grafana vulnerable to race condition allowing privilege escalation

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...

CVSS 9.8, AI score 8.7, EPSS 0.00922
Exploits 0, References 3
OSV
added 2024/03/06 10:54 a.m., 23 views

BIT-GRAFANA-2023-0594

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible because the values of a span's attributes/resources were not properly sanitized and this...

CVSS 7.3, AI score 6.3, EPSS 0.09216
Exploits 0, References 3
OSV
added 2024/03/06 10:53 a.m., 18 views

BIT-GRAFANA-2023-1410 Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized. An attacker needs to have contro...

CVSS 6.2, AI score 5.5, EPSS 0.00954
Exploits 1, References 4
OSV
added 2024/03/06 10:53 a.m., 23 views

BIT-GRAFANA-2023-2801

Grafana is an open-source platform for monitoring and observability. Using public dashboards, users can query multiple distinct data sources using mixed queries. However, such a query has the possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 7.5, AI score 6.1, EPSS 0.00745
Exploits 0, References 3
Rapid7 Blog
added 2024/03/04 9:34 p.m., 12 views

Lessons from video game companies: automation unleashes robust monitoring & observability

Video game organizations need robust monitoring and observability solutions to stay one step ahead of cyber adversaries. Chances are, so do we all. In this blog post, we’ll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity...

AI score 7.2
Exploits 0
RedHat Linux
added 2024/02/21 1:32 p.m., 41 views

Moderate: Red Hat Security Advisory: Network Observability 1.5.0 for OpenShift

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a...

CVSS 7.3, AI score 6.7, EPSS 0.00797
Exploits 1, References 21
Cvelist
added 2024/02/20 6:08 p.m., 37 views

CVE-2024-25631 Unencrypted traffic between pods when using Wireguard and an external kvstore

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

CVSS 6.1, AI score 6.3, EPSS 0.002
Exploits 0, References 4
OSV
added 2024/02/20 6:08 p.m., 22 views

CVE-2024-25631 Unencrypted traffic between pods when using Wireguard and an external kvstore

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

CVSS 6.1, AI score 6, EPSS 0.002
Exploits 0, References 6
CVE
added 2024/02/20 5:53 p.m., 332 views

CVE-2024-25630

Cilium vulnerability affecting the v1.14 line before v1.14.7, with default configuration using CRDs to store Cilium state and enabling WireGuard transparent encryption. The issue causes traffic to/from the Ingress and health endpoints to be unencrypted. There is no workaround. The remediation is ...

CVSS 6.1, AI score 5.8, EPSS 0.00184
Exploits 0, References 3, Affected Software 1
IBM Security Bulletins
added 2024/02/16 8:48 a.m., 39 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details: CVEID: CVE-2023-34062 DESCRIPTION: VMware Tanzu Reactor Netty could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An...

CVSS 7.5, AI score 8.3, EPSS 0.01219
Exploits 0, Affected Software 1