12 matches found
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
actinia-core (>=4.11.0 <=4.14.1), admetica (>=1.3.0 <=1.4.1) +231 more potentially affected by CVE-2024-49766 via werkzeug (>=3.0.0 <=3.0.4)
werkzeug PYPI version =3.0.0, =4.11.0, =1.3.0, =0.1.1, =0.1.0, =0.0.3.20, =0.9.9, =2024.7.18.1, =0.0.1, =0.0.12, =1.9.0, =3.2.2, =3.4.3 and more Source cves: CVE-2024-49766 Source advisory: SNYK:PYTHON-WERKZEUG-8309091...
Security Bulletin: IBM Storage Ceph is vulnerable to Missing Authorization in Grafana (CVE-2023-2183)
Summary: Grafana is used by IBM Storage Ceph as a monitoring dashboard (CVE-2023-2183). This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details: CVEID: CVE-2023-2183. DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive...
CVE-2021-42083
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC: go to the alert manager; open the ITSM tab; add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' (whitespaces are tab characters); click add; click apply; create a test alert. The tes...
CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC: go to the alert manager; open the ITSM tab; add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' (whitespaces are tab characters); click add; click apply; create a test alert. The tes...
GHSA-CVM3-PP2J-CHR3 Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Summary: Grafana allows an attacker in the Viewer role to send alerts via the API Alert - Test. The option is not available from the user panel UI for the Viewer role. Reason for the error: the API does not check access to this function and allows it for users with the least rights, for example, the...
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Summary: Grafana allows an attacker in the Viewer role to send alerts via the API Alert - Test. The option is not available from the user panel UI for the Viewer role. Reason for the error: the API does not check access to this function and allows it for users with the least rights, for example, the...
Grafana < 8.5.26, 9.x < 9.2.19, 9.3.x < 9.3.15, 9.4.x < 9.4.12, 9.5.0 < 9.5.3 Access Control Vulnerability
Grafana is prone to an access control vulnerability in the alert manager. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Information Disclosure
github.com/cortexproject/cortex is vulnerable to information disclosure. The vulnerability exists in multiple functions of api.go due to a lack of proper validation in OpsGenie alert manager configuration which allows an attacker to gain access to sensitive information...
Apache DolphinScheduler Command Injection Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. A command injection vulnerability exists in Apache DolphinScheduler versions prior to 2.0.6 that stems from the Alert Instance Management Servic...
CVE-2022-30741
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log...
(0Day) SolarWinds Server and Application Monitor Alert Manager Elevation of Privilege Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. This vulnerability requires the attacker to have an unprivileged account on the system. The specific flaw exists within the Alert Manager component. Alerts withi...