Vulnerabilities > Grafana > Grafana > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-3128 Authentication Bypass by Spoofing vulnerability in Grafana
Grafana is validating Azure AD accounts based on the email claim.
network
low complexity
grafana CWE-290
critical
9.8
2022-05-20 CVE-2022-28660 Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used.
network
low complexity
grafana CWE-306
critical
9.8
2022-03-21 CVE-2022-26148 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
network
low complexity
grafana redhat CWE-312
critical
9.8
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2018-08-29 CVE-2018-15727 Improper Authentication vulnerability in multiple products
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
network
low complexity
grafana redhat CWE-287
critical
9.8