15 matches found
EUVD-2021-18144
Malware in sbrugna...
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The...
The vulnerability of the Grafana Enterprise Metrics data visualization system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Grafana Enterprise Metrics data visualization system is related to access control based on tags. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2022-44643
Grafana Enterprise Metrics (GEM) suffers a label-based access control vulnerability where an access policy with label selector restrictions that also grants access to all tenants bypasses those restrictions. Affected are GEM 1.x < 1.7.1 and GEM 2.x
CVE-2022-44643
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...
CVE-2022-44643
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...
Design/Logic Flaw
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...
PT-2022-7105 · Grafana · Grafana Enterprise Metrics
Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Metrics versions prior to 1.7.1 Grafana Enterprise Metrics versions prior to 2.3.1 Description: The issue is related to the label-based access control in Grafana Enterprise Metrics, allowing an attacker to have more access...
Grafana 安全漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A security vulnerability exists in Grafana Enterprise Metrics AMD64 versions prior to 1.7.1, prior to...
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The...
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The...
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The...
CVE-2021-31231
The CVE affects Grafana Enterprise Metrics versions before 1.2.1 and Grafana Metrics Enterprise 1.2.1. It is a local file disclosure vulnerability triggered when experimental.alertmanager.enable-api is enabled. The HTTP basic auth password_file can be exploited to exfiltrate any file content via ...
PT-2021-19211 · Grafana · Grafana Enterprise Metrics +1
Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Metrics versions prior to 1.2.1 Metrics Enterprise version 1.2.1 Description: The issue allows for local file disclosure when the experimental.alertmanager.enable-api is used. The HTTP basic auth password file can be...
Grafana 输入验证错误漏洞
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana Enterprise Metrics versions prior to 1.2.1...