Grafana 安全漏洞

Grafana is a set of open-source monitoring tools provided by Grafana Open Source, which offer a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability; this vulnerability stems from the...

GSA Bounty: 2FA bypass - confirmation tokens don't expire

Hi there, Because of the limitation of the site, accounts may be locked down for 10 minutes. I found 2 ways to bypass this lock period. First one with the confirmation mail that we get when we sign on. If we get the token this way below, we can change account password and bypass the lock period a...