Lucene search
K

6 matches found

OSV
OSV
added 2026/03/02 8:41 a.m.3 views

BIT-GRAFANA-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS6AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 12:35 p.m.6 views

CVE-2026-21725 Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

2.6CVSS5.8AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 5:24 p.m.3 views

GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource

Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...

5CVSS7.1AI score0.0029EPSS
Exploits0References5
OSV
OSV
added 2025/07/09 12:1 a.m.8 views

MAL-2025-5696 Malicious code in grafana-iot-sitewise-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 97ddf55083335c582abfc892f9b5d93c8b5ee5232f0fa07ae4da45dd8eadc84b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/02 11:35 a.m.4 views

Malicious code in grafana-github-datasource (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 756c8548e63d376422abc6c7f12d97177a86331d9e8f4321c863bf8eeb5bf67a Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/01 2:19 a.m.5 views

Malicious code in esm-appdynamics-grafana-react-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f395665c4d165d336c17cf90f183b9da91013f0d72574f6b2875830ed057d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Rows per page
Query Builder