5 matches found

The Hacker News
added 2025/11/21 3:40 p.m., 12 views

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identi...

CVSS 10, AI score 6.7, EPSS 0.00057
Exploits: 1
Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-39307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the...

CVSS 6.7, AI score 6.7, EPSS 0.00219
Exploits: 0, References: 3
Grafana
added 2024/02/13 12:0 a.m., 3 views

Email verification is not required after email change

Grafana is an open-source platform for monitoring and observability. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verify_email_enabled” will only validate email on sign up. This issue has been...

CVSS 5.4, AI score 5.7, EPSS 0.00219
Exploits: 1
OSV
added 2022/08/26 11:4 a.m., 2 views

OESA-2022-1870 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has...

CVSS 7.5, AI score 6.8, EPSS 0.00941
Exploits: 0, References: 2
OSV
added 2021/08/12 10:2 a.m., 9 views

OPENSUSE-SU-2021:2662-1 Security update for grafana

This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call bsc1183803 - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...

CVSS 7.5, AI score 8.4, EPSS 0.92396
Exploits: 0, References: 11