Vulnerabilities > Grafana > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. | 9.1 |
| 2023-06-22 | CVE-2023-3128 | Authentication Bypass by Spoofing vulnerability in Grafana Grafana is validating Azure AD accounts based on the email claim. | 9.8 |
| 2022-05-20 | CVE-2022-28660 | Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0 The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. | 9.8 |
| 2022-03-21 | CVE-2022-26148 | Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. | 9.8 |
| 2020-12-21 | CVE-2020-27846 | Misinterpretation of Input vulnerability in multiple products A signature verification vulnerability exists in crewjam/saml. | 9.8 |
| 2018-08-29 | CVE-2018-15727 | Improper Authentication vulnerability in multiple products Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | 9.8 |