Vulnerabilities > Grafana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-06 | CVE-2022-32275 | Path Traversal vulnerability in Grafana 8.4.3 Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. | 7.5 |
| 2022-05-20 | CVE-2022-29170 | Open Redirect vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.5 |
| 2022-05-20 | CVE-2022-28660 | Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0 The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. | 9.8 |
| 2022-04-12 | CVE-2022-24812 | Improper Privilege Management vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 6.0 |
| 2022-03-21 | CVE-2022-26148 | Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. | 7.5 |
| 2022-02-08 | CVE-2022-21703 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 8.8 |
| 2022-02-08 | CVE-2022-21713 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 4.3 |
| 2022-02-08 | CVE-2022-21702 | Cross-site Scripting vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 5.4 |
| 2022-01-18 | CVE-2022-21673 | Grafana is an open-source platform for monitoring and observability. | 4.3 |
| 2021-12-10 | CVE-2021-43815 | Path Traversal vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 3.5 |