27 matches found
Grafana 11.6.x < 11.6.3 Multiples Vulnerabilities
According to its self-reported version, the Grafana install hosted on the remote host is prior to 11.3.8, or 11.4.x prior to 11.4.6, or 11.5.x prior to 11.5.6, or 11.6.x prior to 11.6.3, or 12.0.x prior to 12.0.2, or 12.1.x prior to 12.1.2. It is, therefore, affected by multiples vulnerabilities....
EUVD-2024-1473
Malicious code in bioql PyPI...
EUVD-2022-33572
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1000816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running...
Linux Distros Unpatched Vulnerability : CVE-2018-15727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid remember me cookie knowing onl...
U.S. Dept Of Defense: CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████
A vulnerability, identified as CVE-2025-4123, was discovered in Grafana OSS and Enterprise versions 8.x through 12.x. The vulnerability allowed unauthenticated attackers to chain multiple flaws, including an open redirect through path traversal in the public redirect handler, stored cross-site...
PT-2025-25859 · Google +2 · Chromium +2
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 11.6.2 Description: The issue is caused by an excessively long dashboard title or panel name, leading to Improper Input Validation vulnerability in Grafana, which affects Chromium browsers and causes them to become...
Grafana < 10.4.15 Exposure Of Sensitive Information To An Unauthorized Actor
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.15, or earlier than 11.0.11, or earlier than 11.1.11, or earlier than 11.2.6, or earlier than 11.3.3, or earlier than 11.4.1. It is, therefore, affected by a exposure of sensitive informatio...
Grafana 11.6.x < 11.6.2 Improper Access Control
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...
Grafana 11.4.x < 11.4.5 Improper Access Control
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...
Grafana 10.0.x < 10.0.11 Incorrect Authorization
According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by a incorrect authorization...
Grafana 9.3.x < 9.3.4 Cross-site Scripting
According to its self-reported version, the Grafana install hosted on the remote host is earlier than 9.2.10, or 9.3.x earlier than 9.3.4. It is, therefore, affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the...
Grafana 10.0.x < 10.0.12 Improper Privilege Management
According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege...
Grafana 10.1.x < 10.1.8 Improper Privilege Management
According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege...
PT-2025-17602 · Grafana +1 · Grafana +1
Name of the Vulnerable Software and Affected Versions: Grafana versions v0alpha1 through v2alpha1 Description: A security issue in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The impact includes viewers being able to view all...
PT-2025-1685 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 10.4.15 Grafana versions prior to 11.0.11 Grafana versions prior to 11.1.11 Grafana versions prior to 11.2.6 Grafana versions prior to 11.3.3 Grafana versions prior to 11.4.1 Grafana versions prior to 11.5.0...
PT-2024-7005
Name of the Vulnerable Software and Affected Versions Grafana versions prior to v11.0.6+security-01 Grafana versions prior to v11.1.7+security-01 Grafana versions prior to v11.2.2+security-01 Description The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queri...
grafana security and enhancement update
9.2.10-7 - resolve RHEL-12649 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing is turned off due to test failures caused by testing date mismatch 9.2.10-6 - Add /usr/share/grafana to systemd-sysusers --replace 9.2.10-5 - resolve CVE-2023-3128 grafana:...
Broken Access Control in Alert manager: Viewer can send test alerts
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...
Stored XSS in Graphite FunctionDescription tooltip
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...