
17 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-1473

Malicious code in bioql PyPI...

4.3 CVSS, 7 AI score, 0.01773 EPSS
Exploits 0, References 13
OSSF Malicious Packages
added 2025/07/26 8:52 a.m., 7 views

Malicious code in @grafanacloud/plugins-platform-backend (npm)

The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis eb7ac91dd5a55c67e31e4875b9f32f5a8778e2d25e69dc79e81d418356990fa8. The OpenSSF Package Analysis project identified...

7.1 AI score
Exploits 0
RedhatCVE
added 2024/11/14 9:59 a.m., 21 views

CVE-2024-9476

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizatio...

4.9 CVSS, 6.9 AI score, 0.00213 EPSS
Exploits 0, References 3
Vulnrichment
added 2024/11/13 4:30 p.m., 19 views

CVE-2024-9476 Privilege escalation vulnerability for Organizations in Grafana

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizatio...

5.1 CVSS, 7.1 AI score, 0.00213 EPSS
Exploits 0, References 2
OSV
added 2024/05/14 10:29 p.m., 40 views

GHSA-P978-56HQ-R492 Grafana folders admin only permission privilege escalation

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control RBAC. Release 9.1.6, latest patch, also containing security fix: - Download Grafana...

7.6 CVSS, 6 AI score, 0.00612 EPSS
Exploits 0, References 4
Github Security Blog
added 2024/05/14 10:29 p.m., 38 views

Grafana folders admin only permission privilege escalation

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-36062 that affects Grafana instances which are using Grafana role-based access control RBAC. Release 9.1.6, latest patch, also containing security fix: - Download Grafana...

7.6 CVSS, 7 AI score, 0.00612 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2024/05/14 10:26 p.m., 40 views

GHSA-VQC4-MPJ8-JXCH Grafana Race condition allowing privilege escalation

Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: - Download Grafana 9.2.4 Appropriate patches have been applied to Grafana Cloud and as always, we...

9.8 CVSS, 8.9 AI score, 0.00922 EPSS
Exploits 0, References 4
OSV
added 2024/05/14 10:25 p.m., 40 views

GHSA-FF5C-938W-8C9Q Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

7.5 CVSS, 7.2 AI score, 0.01302 EPSS
Exploits 0, References 5
Github Security Blog
added 2024/05/14 10:25 p.m., 34 views

Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

6.6 CVSS, 7.1 AI score, 0.01302 EPSS
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2024/05/14 10:25 p.m., 46 views

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.5 CVSS, 6.7 AI score, 0.00964 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2024/05/14 10:22 p.m., 48 views

GHSA-RHXJ-GH46-JVW8 Grafana Plugin signature bypass

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

8.4 CVSS, 6.9 AI score, 0.00249 EPSS
Exploits 0, References 5
OSV
added 2024/05/14 10:15 p.m., 29 views

GHSA-VW7Q-P2QG-4M5F Grafana Stored Cross-site Scripting in Unified Alerting

Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for a stored Cross Site Scripting in Grafana. Release v.9.0.3, containing this security fix and other patches: - Download Grafana 9.0.3 - Release notes Release v.8.5.9,...

7.3 CVSS, 7.6 AI score, 0.68603 EPSS
Exploits 0, References 7
Github Security Blog
added 2024/05/14 10:10 p.m., 29 views

Grafana Fine-grained access control vulnerability

Impact On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...

9.1 CVSS, 6.5 AI score, 0.02834 EPSS
Exploits 0, References 6, Affected Software 1
Spring Security Advisories
added 2023/01/24 9:0 a.m., 18 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but before...

2.4 AI score
Exploits 0
Spring Security Advisories
added 2023/01/24 12:0 a.m., 21 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but befor...

2.4 AI score
Exploits 0
FreeBSD
added 2021/12/09 12:0 a.m., 39 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3 CVSS, 2.5 AI score, 0.57991 EPSS
Exploits 0, References 1
OSV
added 2021/12/07 7:15 p.m., 1 views

UBUNTU-CVE-2021-43798

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 except for patched versions is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: /public/plugins//, where is the plugin ID for any installe...

7.5 CVSS, 7.1 AI score, 0.88849 EPSS
Exploits 44, References 6