Vulnerabilities > Grafana > Grafana > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-3128 Authentication Bypass by Spoofing vulnerability in Grafana
Grafana is validating Azure AD accounts based on the email claim.
network
low complexity
grafana CWE-290
critical
9.8
2022-05-20 CVE-2022-28660 Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used.
network
low complexity
grafana CWE-306
critical
9.8
2020-12-21 CVE-2020-27846 Misinterpretation of Input vulnerability in multiple products
A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject CWE-115
critical
9.8