Vulnerabilities > Grafana > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-5526 Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.
network
low complexity
grafana CWE-918
critical
9.1
2023-06-22 CVE-2023-3128 Authentication Bypass by Spoofing vulnerability in Grafana
Grafana is validating Azure AD accounts based on the email claim.
network
low complexity
grafana CWE-290
critical
9.8
2022-05-20 CVE-2022-28660 Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used.
network
low complexity
grafana CWE-306
critical
9.8
2022-03-21 CVE-2022-26148 Cleartext Storage of Sensitive Information vulnerability in multiple products
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
network
low complexity
grafana redhat CWE-312
critical
9.8
2020-12-21 CVE-2020-27846 A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject
critical
9.8
2018-08-29 CVE-2018-15727 Improper Authentication vulnerability in multiple products
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
network
low complexity
grafana redhat CWE-287
critical
9.8