Vulnerabilities > Grafana
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana OnCall: Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall versions from 1.1.37 and before 1.5.2 are vulnerable to Server-Side Request Forgery (SSRF) in the webhook functionality. | 9.1 |
2023-10-25 | CVE-2023-3010 | Cross-site Scripting vulnerability in Grafana Worldmap Panel: Grafana is an open-source platform for monitoring and observability. | 6.1 |
2023-10-17 | CVE-2023-4399 | Unspecified vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. | 7.2 |
2023-10-16 | CVE-2023-4457 | Information Exposure Through an Error Message vulnerability in Grafana Google Sheets: Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2, is vulnerable to information disclosure. The plugin did not properly sanitize error messages, so it could expose the Google Sheet API key that is configured for the data source. This vulnerability was fixed in version 1.2.2. | 7.5 |
2023-10-16 | CVE-2023-4822 | Unspecified vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. | 7.2 |
2023-06-22 | CVE-2023-3128 | Authentication Bypass by Spoofing vulnerability in Grafana: Grafana validates Azure AD accounts based on the email claim. | 9.8 |
2023-06-06 | CVE-2023-2183 | Missing Authorization vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. | 6.4 |
2023-06-06 | CVE-2023-2801 | Improper Synchronization vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. | 5.3 |
2023-04-26 | CVE-2023-1387 | Unspecified vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. | 7.5 |
2023-03-23 | CVE-2023-1410 | Cross-site Scripting vulnerability in Grafana: Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. | 4.8 |