Vulnerabilities > Grafana > Grafana > 5.2.5

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-12458 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3.
local
low complexity
grafana redhat fedoraproject CWE-732
5.5
5.5
2020-04-27 CVE-2020-12052 Cross-site Scripting vulnerability in Grafana
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
network
grafana CWE-79
4.3
4.3
2020-04-24 CVE-2020-12245 Cross-site Scripting vulnerability in Grafana
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
network
grafana CWE-79
4.3
4.3
2019-09-03 CVE-2019-15043 Missing Authentication for Critical Function vulnerability in Grafana
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use.
network
low complexity
grafana CWE-306
7.5
7.5
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
5.4
2018-12-13 CVE-2018-19039 Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
network
low complexity
grafana redhat netapp CWE-200
4.0
4.0