Grafana Security Vulnerabilities and Issues — Grafana CVE List

Lucene search

GrafanaGrafana

8 matches found

CVE•added 2022/02/08 9:15 p.m.•1142 views

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Edito...

8.8CVSS7.3AI score0.01791EPSS

CVE•added 2024/03/07 6:15 p.m.•420 views

CVE-2024-1442

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

8.8CVSS6AI score0.00453EPSS

CVE•added 2020/06/03 7:15 p.m.•309 views

CVE-2020-13379

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that...

8.2CVSS8.1AI score0.92743EPSS

In wildWeb

CVE•added 2023/02/03 10:15 p.m.•277 views

CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafana_session. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vuln...

8.8CVSS7.6AI score0.00096EPSS

CVE•added 2022/11/09 10:15 p.m.•190 views

CVE-2022-39306

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non ex...

8.1CVSS6.8AI score0.00276EPSS

CVE•added 2022/07/15 12:15 p.m.•183 views

CVE-2022-31097

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privile...

8.7CVSS7.5AI score0.51102EPSS

CVE•added 2022/05/20 4:15 p.m.•119 views

CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and p...

8.5CVSS7.1AI score0.0006EPSS

CVE•added 2022/04/12 5:15 p.m.•110 views

CVE-2022-24812

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed,...

8.8CVSS8.3AI score0.00122EPSS