90 matches found
Grafana Agent flow mode unquoted service path
On a windows machine, the Grafana Agent Flow mode service prior to version 0.43.1 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Agent Flow installation and do a clean install. An update will not...
Email verification is not required after email change
Grafana is an open-source platform for monitoring and observability. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verifyemailenabled” will only validate email only on sign up. This issue has been...
Google Sheets data source plugin - API key leaks in error messages
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerabilit...
Grafana ds proxy race condition
Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...
JWT URL-login flow leaks token to data sources through request parameter in proxy requests
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the “urllogin” configuration option disabled by default, a...
Forward OAuth Identity Token can allow users to access some data sources
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...
Query resampling can cause unbounded memory allocations
A resample query can be used to trigger out-of-memory crashes in Grafana...
CVE-2025-41116
Grafana is an open-source platform for monitoring and observability. The Grafana-Databricks-Datasource is a plugin allowing Grafana to visualize data from Databricks Enterprise Versions between 1.6.0 and 1.12.0 are vulnerable to a bug when Oauth passthrough is enabled, and multiple users are usin...
Regex DoS in Zabbix Plugin in Grafana
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
Grafana Alerting DingDing Integration URL Exposed to Viewers
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...
Privilege escalation vulnerability for Organizations in Grafana
A privilege escalation vulnerability allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana...
Org admin can delete pending invites in different org
Organization admins can delete pending invites created in an organization they are not part of...
Information Leakage in grafana-plugin-sdk-go
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin . If credentials are included in the repository URI for instance, to allow for fetching of private...
SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare hos...
Grafana WorldMap Panel Plugin DOM XSS
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability...
Stored XSS in ResourcePicker component
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly...
Email addresses and usernames can not be trusted
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
Using email as a username can block other users from signing in
Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user’s login attempt by registering someone else’e email address as a username. A Grafana user’s username and email address are unique fields, th...
Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...
Grafana account takeover via OAuth vulnerability
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
Stored XSS in Unified Alerting
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
Grafana datasource network restrictions bypass via HTTP redirects
Grafana is an open-source platform for monitoring and observability. In Grafana, the Request security feature allows list allows to configure Grafana in a way so that the instance does not call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to...
Broken Access Control in Alert manager: Viewer can send test alerts
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...
Stored XSS in TraceView Panel
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span’s attributes/resources were not properly sanitized and this...
Spoofing originalUrl of snapshots
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...
Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...
Grafana folders admin only permission privilege escalation
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...
Escalation from admin to server admin when auth proxy is used
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Grafana fine-grained access control API Key privilege escalation
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...
Grafana Teams API IDOR
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...
Grafana proxy XSS
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...
Grafana Cross Site Request Forgery
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...
Grafana OnCall Webhook SSRF
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery SSRF...
Grafana authentication bypass using Azure AD OAuth
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...
Stored XSS in Graphite FunctionDescription tooltip
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...
Text panel plugin XSS
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin “Text”. The stored XSS vulnerability requires several user interactions in order to be...
XSS In Geomap Via Attribution
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren’t properly sanitized and allowed arbitrary JavaScript...
Use of Cache Containing Sensitive Information
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession . As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...
Plugin signature bypass
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...