Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

The vulnerability of the Grafana data visualization web tool, related to bypassing authentication, allows a perpetrator to circumvent the authentication process and delete the live snapshot.

The vulnerability of the Grafana data visualization web tool is related to the bypassing of authentication processes. Exploiting this vulnerability allows a malicious actor to circumvent authentication procedures and delete instant snapshots by sending a deletion request to /api/snapshots/...

grafana: vulnerable to authorization bypass

A vulnerability was found in Grafana. Due to an error in authorization logic, it is possible for an unprivileged user in a different organization other than the snapshot owner to perform unauthorized actions such as deleting it using a view key...

PT-2024-3766 · Grafana +6 · Grafana +6

Name of the Vulnerable Software and Affected Versions: Grafana versions 9.5.0 through 9.5.17 Grafana versions 10.0.0 through 10.0.12 Grafana versions 10.1.0 through 10.1.8 Grafana versions 10.2.0 through 10.2.5 Grafana versions 10.3.0 through 10.3.4 Description: The issue is related to a Broken...

grafana: Snapshot authentication bypass

An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path...

CVE-2021-39226

An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path...

PT-2021-7655 · Grafana +5 · Grafana +5

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 7.5.11 Grafana versions prior to 8.1.6 Description: The issue in Grafana allows unauthenticated and authenticated users to view the snapshot with the lowest database key by accessing the literal paths:...

ceph: ceph-mon does not perform authorization on OSD pool ops

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images...

How to resolve "A general system error has occurred:vim.fault.genericvmconfigfault" error

You may receive an error when performing any operation on a Unidesk machine, including backups or even just powering the machine on: A general system error has occurred:vim.fault.genericvmconfigfault If your investigation leads you to check the snapshot configuration, and the snapshots are just...