22 matches found
Exposure of Private Personal Information to an Unauthorized Actor
Overview github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the public dashboards. An attacker can obtain sensitive...
EUVD-2022-34785
Malicious code in bioql PyPI...
EUVD-2024-0834
Malicious code in bioql PyPI...
BIT-GRAFANA-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2025-3454
Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2025-3260
CVE-2025-3260 affects Grafana dashboards: the /apis/dashboard.grafana.app/* endpoints allow authenticated users to bypass dashboard and folder permissions across v0alpha1, v1alpha1, and v2alpha1. Reported impacts include viewers seeing all dashboards/folders, editors viewing/editing/deleting acro...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2024-1442
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
Information disclosure
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
CVE-2024-1442 User with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
CVE-2024-1442 User with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
User with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization. Impacted Versions: 8.5.0 9.5.7 10.0.0 10.0.12 10.1.0 10.1.8 10.2.0 10.2...
Grafana -- Grafana DS proxy race condition
Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...
CVE-2022-2531
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing...
UBUNTU-CVE-2022-2531
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing...
CVE-2022-2531
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing...
PT-2022-17203 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.5 through 15.0.4 GitLab EE versions 15.1 through 15.1.3 GitLab EE versions 15.2 through 15.2.0 Description: An issue has been discovered in GitLab EE where it was not performing correct authentication on Grafana API unde...
GitLab 12.5 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2531)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab...