Vulnerabilities > Grafana
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-04-30 | CVE-2021-31231 | Improper Input Validation vulnerability in Grafana Enterprise Metrics | The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. | 2.1 |
| 2021-03-22 | CVE-2021-28148 | Improper Authentication vulnerability in Grafana | One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. | 5.0 |
| 2021-03-22 | CVE-2021-28147 | Unspecified vulnerability in Grafana | The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. | 3.5 |
| 2021-03-22 | CVE-2021-28146 | Incorrect Authorization vulnerability in Grafana | The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. | 4.0 |
| 2021-03-22 | CVE-2021-27962 | Incorrect Permission Assignment for Critical Resource vulnerability in Grafana | Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | 4.9 |
| 2021-03-18 | CVE-2021-27358 | Unspecified vulnerability in Grafana | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | 5.0 |
| 2020-12-21 | CVE-2020-27846 | Misinterpretation of Input vulnerability in multiple products | A signature verification vulnerability exists in crewjam/saml. | 10.0 |
| 2020-10-28 | CVE-2020-24303 | Cross-Site Scripting vulnerability in Grafana | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | 4.3 |
| 2020-08-28 | CVE-2019-19499 | Information Exposure vulnerability in Grafana | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | 4.0 |
| 2020-07-27 | CVE-2020-11110 | Cross-Site Scripting vulnerability in Grafana | | 4.3 |