Vulnerabilities > Grafana > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. | 9.1 |
| 2023-06-22 | CVE-2023-3128 | Authentication Bypass by Spoofing vulnerability in Grafana Grafana is validating Azure AD accounts based on the email claim. | 9.8 |
| 2022-05-20 | CVE-2022-28660 | Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0 The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. | 9.8 |
| 2020-12-21 | CVE-2020-27846 | Misinterpretation of Input vulnerability in multiple products A signature verification vulnerability exists in crewjam/saml. | 9.8 |