Vulnerabilities > Grafana > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-18 | CVE-2024-9264 | Command Injection vulnerability in Grafana 11.0.0 The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. | 8.8 |
2024-09-25 | CVE-2024-8975 | Unquoted Search Path or Element vulnerability in Grafana Alloy 1.4.0 Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. | 7.8 |
2024-09-25 | CVE-2024-8996 | Unquoted Search Path or Element vulnerability in Grafana Agent Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2 | 7.8 |
2023-10-17 | CVE-2023-4399 | Unspecified vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.2 |
2023-10-16 | CVE-2023-4457 | Information Exposure Through an Error Message vulnerability in Grafana Google Sheets Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2. | 7.5 |
2023-10-16 | CVE-2023-4822 | Unspecified vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.2 |
2023-04-26 | CVE-2023-1387 | Unspecified vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.5 |
2023-02-03 | CVE-2022-23498 | Unspecified vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.8 |
2022-12-20 | CVE-2022-44643 | Unspecified vulnerability in Grafana Enterprise Metrics A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. | 8.8 |
2022-11-09 | CVE-2022-39306 | Improper Input Validation vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.1 |