Vulnerabilities > Grafana

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-12458	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. local low complexity grafana redhat fedoraproject CWE-732	5.5
2020-04-27	CVE-2020-12052	Cross-site Scripting vulnerability in Grafana Grafana version < 6.7.3 is vulnerable for annotation popup XSS. network grafana CWE-79	4.3
2020-04-24	CVE-2020-12245	Cross-site Scripting vulnerability in Grafana Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. network grafana CWE-79	4.3
2019-09-23	CVE-2019-15635	Insufficiently Protected Credentials vulnerability in Grafana 5.4.0 An issue was discovered in Grafana 5.4.0. network low complexity grafana CWE-522	4.0
2019-09-03	CVE-2019-15043	Missing Authentication for Critical Function vulnerability in Grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. network low complexity grafana CWE-306	7.5
2019-06-30	CVE-2019-13068	Cross-site Scripting vulnerability in Grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). network low complexity grafana CWE-79	5.4
2019-02-06	CVE-2015-9282	Cross-site Scripting vulnerability in Grafana Piechart-Panel The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. network grafana CWE-79	4.3
2018-12-20	CVE-2018-1000816	Cross-site Scripting vulnerability in Grafana 5.2.4/5.3.0 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. network grafana CWE-79	3.5
2018-12-13	CVE-2018-19039	Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. network low complexity grafana redhat netapp CWE-200	4.0
2018-08-29	CVE-2018-15727	Improper Authentication vulnerability in multiple products Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. network low complexity grafana redhat CWE-287	7.5

Vulnerabilities > Grafana {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Grafana"}]}

Vulnerabilities > Grafana