Vulnerabilities > Grafana

DATE CVE VULNERABILITY TITLE RISK
2020-05-24 CVE-2020-13430 Cross-site Scripting vulnerability in Grafana
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
network
low complexity
grafana CWE-79
6.1
2020-05-24 CVE-2020-13429 Cross-site Scripting vulnerability in Grafana Piechart-Panel
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
network
grafana CWE-79
3.5
2020-04-29 CVE-2020-12459 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
local
low complexity
grafana fedoraproject CWE-732
5.5
2020-04-29 CVE-2020-12458 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3.
local
low complexity
grafana redhat fedoraproject CWE-732
5.5
2020-04-27 CVE-2020-12052 Cross-site Scripting vulnerability in Grafana
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
network
grafana CWE-79
4.3
2020-04-24 CVE-2020-12245 Cross-site Scripting vulnerability in Grafana
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
network
grafana CWE-79
4.3
2019-09-23 CVE-2019-15635 Insufficiently Protected Credentials vulnerability in Grafana 5.4.0
An issue was discovered in Grafana 5.4.0.
network
low complexity
grafana CWE-522
4.0
2019-09-03 CVE-2019-15043 Missing Authentication for Critical Function vulnerability in Grafana
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use.
network
low complexity
grafana CWE-306
7.5
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
2019-02-06 CVE-2015-9282 Cross-site Scripting vulnerability in Grafana Piechart-Panel
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data.
network
grafana CWE-79
4.3