172 matches found
CVE-2020-13430
CVE-2020-13430 affects Grafana before 7.0.0, enabling cross-site scripting via the OpenTSDB datasource tag value. The vulnerability is tied to the Grafana OpenTSDB data source handling and is mitigated by upgrading Grafana to version 7.0.0 or newer (as noted in the Grafana 7.0.0 release). Other N...
[SECURITY] Fedora 32 Update: grafana-6.7.3-1.fc32
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
[SECURITY] Fedora 31 Update: grafana-6.7.3-1.fc31
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Fedora Update for grafana FEDORA-2019-77d612eab4
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for grafana FEDORA-2019-0bb6b876da
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: grafana-6.3.4-1.fc29
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
[SECURITY] Fedora 30 Update: grafana-6.3.4-1.fc30
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Cross-Site Scripting (XSS)
opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the type parameter with the /suggest URI...
Cross-site Scripting (XSS)
opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the json parameter with the /q URL...
Remote Code Execution (RCE)
opentsdb is vulnerable to remote code execution RCE attacks. A malicious user can inject and execute arbitrary commands through a q request using the o, key, style, yrange , y2range parameters and the JSON input...
OpenTSDB cross-site scripting vulnerability (CNVD-2018-13554)
OpenTSDB is a set of open source, scalable distributed time series database. A cross-site scripting vulnerability exists in OpenTSDB version 2.3.0. A remote attacker can exploit this vulnerability by sending the 'type' parameter to the /suggest URI to inject arbitrary Web script or HTML...
Design/Logic Flaw
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
OpenTSDB 2.3.0 contains a reflected XSS in the /suggest endpoint where the parameter type is not properly sanitized, enabling injection of arbitrary JavaScript into the browser of a targeted user. The issue’s root cause is related to insufficient input validation of parameters reflected in respon...
Input validation
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
CVE-2018-12972
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
CVE-2018-12973
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI...