23 matches found
Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016678)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016678 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin...
CVE-2026-22641
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2026-22641
...
CVE-2026-22641
...
EUVD-2026-2803
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
PT-2026-3008
Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw exists in Grafana’s datasource proxy API that permits bypassing authorization checks. This is achieved by including an additional slash character within the URL path. Users with limite...
Grafana 11.4.x < 11.4.3 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana 11.5.x < 11.5.3 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana 11.2.x < 11.2.8 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana 11.3.x < 11.3.5 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
Grafana < 10.4.17 Improper Authorization
According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...
EUVD-2025-16644
Malicious code in bioql PyPI...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
BIT-GRAFANA-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
UBUNTU-CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Authorization Bypass in Datasource Proxy
This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...