Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016678 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin...

EUVD-2024-1853

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-21702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or...

GHSA-X744-MM8V-VPGR Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-39201 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...

grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...

SUSE CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

SUSE CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

grafana: XSS vulnerability in data source handling

A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...

FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6877e164-6296-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6877e164-6296-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Starting with version...

OESA-2022-2077 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...

grafana: XSS vulnerability in data source handling

A Cross-site scripting XSS vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting...

UBUNTU-CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

CVE-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports: On September 7th as a result of an internal security audit we have discovered that Grafana could leak the authentication cookie of users to plugins. After further analysis the vulnerability impacts data source and plugin proxy endpoints under certain conditions. We believe...

Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports: On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens bu...

OESA-2022-1599 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...