CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

Linux Distros Unpatched Vulnerability : CVE-2022-21702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or...

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

Grafana 授权问题漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An authorization issue vulnerability exists in Grafana versions prior to 10.4....

PT-2025-17604

Name of the Vulnerable Software and Affected Versions Grafana version 10.4.0 Description The issue concerns improper authorization in the Data Source Proxy API. Recommendations For Grafana version 10.4.0, update to a version that includes the fix for this issue. At the moment, there is no...

Grafana -- Authorization bypass in data source proxy API

Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...

grafana: data source proxy race condition

A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses...

SUSE CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

OESA-2022-1599 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...

UBUNTU-CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702

Grafana CVE-2022-21702 is an XSS vulnerability in the data source proxy and plugin proxy paths. Affected: Grafana HTTP-based datasources configured with Server as Access Mode and a URL, and HTTP-based app plugins configured with a URL (versions up to 8.3.4; back-end plugin resources also mentione...