Vulnerabilities > Grafana > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-5526 Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.
network
low complexity
grafana CWE-918
critical
9.1
2023-06-22 CVE-2023-3128 Authentication Bypass by Spoofing vulnerability in Grafana
Grafana is validating Azure AD accounts based on the email claim.
network
low complexity
grafana CWE-290
critical
9.8
2022-05-20 CVE-2022-28660 Missing Authentication for Critical Function vulnerability in Grafana 1.1.0/1.2.0/1.3.0
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used.
network
low complexity
grafana CWE-306
critical
9.8
2020-12-21 CVE-2020-27846 Misinterpretation of Input vulnerability in multiple products
A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject CWE-115
critical
9.8