77 matches found
CVE-2026-41518
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
SUSE-SU-2026:2258-1 Security update for grafana
This update for grafana to version to 11.6.14+security01 fixes the following issues: - Security Fixes: - CVE-2026-34986: Fixed unrecoverable error in JWE decryption that could lead to a denial of service bsc1262950 - CVE-2026-41602: Fixed Integer Overflow or Wraparound vulnerability in Apache...
FreeBSD : Grafana -- Public Dashboards time range restriction on annotations can be bypassed (83cd53f7-58ff-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 83cd53f7-58ff-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with...
FreeBSD : Grafana -- Public dashboards discloses all direct mode datasources (6b2bf8e9-5900-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6b2bf8e9-5900-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards a...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...
CLSA-2026-1777944610 grafana: Fix of CVE-2026-27877
CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard - Note: upstream test additions in pkg/api/frontendsettingstest.go are not backported. The %check stage only runs the Jest frontend suite...
AlmaLinux 10 : grafana (ALSA-2026:10223)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:10223 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 Tenable has extracted the preceding description block...
RHEL 9 : grafana (RHSA-2026:11416)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11416 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana:...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
grafana security update
An update is available for grafana. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor f...
RLSA-2026:10223 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 For more details about the security issues, including the impact, a...
RLSA-2026:10226 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 For more details about the security issues, including the impact, a...
grafana security update
An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...
RockyLinux 9 : grafana (RLSA-2026:10226)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:10226 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 Tenable has extracted the preceding description block...
RockyLinux 10 : grafana (RLSA-2026:10223)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:10223 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 Tenable has extracted the preceding description block...