Vulnerabilities > Grafana

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-10-13 | CVE-2022-31123 | Improper Verification of Cryptographic Signature vulnerability in multiple products | Grafana is an open source observability and data visualization platform. | local | low | grafana, netapp | CWE-347 | 7.8 |
| 2022-09-22 | CVE-2022-36062 | Improper Preservation of Permissions vulnerability in Grafana | Grafana is an open-source platform for monitoring and observability. | network | low | grafana | CWE-281 | 3.8 |
| 2022-09-20 | CVE-2022-35957 | Authentication Bypass by Spoofing vulnerability in multiple products | Grafana is an open-source platform for monitoring and observability. | network | high | grafana, fedoraproject | CWE-290 | 6.6 |
| 2022-09-02 | CVE-2022-31176 | Missing Authentication for Critical Function vulnerability in Grafana Grafana-Image-Renderer | Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). | network | low | grafana | CWE-306 | 8.1 |
| 2022-07-15 | CVE-2022-31107 | Incorrect Authorization vulnerability in multiple products | Grafana is an open-source platform for monitoring and observability. | network | high | grafana, netapp | CWE-863 | 7.5 |
| 2022-07-15 | CVE-2022-31097 | Cross-site Scripting vulnerability in multiple products | Grafana is an open-source platform for monitoring and observability. | network | low | grafana, netapp | CWE-79 | 8.7 |
| 2022-06-17 | CVE-2022-32276 | Improper Authentication vulnerability in Grafana 8.4.3 | Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. | network | low | grafana | CWE-287 | 7.5 |
| 2022-06-06 | CVE-2022-32275 | Path Traversal vulnerability in Grafana 8.4.3 | Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. | network | low | grafana | CWE-22 | 7.5 |
| 2022-05-20 | CVE-2022-29170 | Open Redirect vulnerability in Grafana | Grafana is an open-source platform for monitoring and observability. | network | low | grafana | CWE-601 | 8.5 |
| 2022-05-20 | CVE-2022-28660 | Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0 | The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. | network | low | grafana | CWE-306 | critical 9.8 |