Vulnerabilities > Grafana > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-24812 Improper Privilege Management vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-269
8.8
2022-02-08 CVE-2022-21703 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana netapp fedoraproject CWE-352
8.8
2021-12-08 CVE-2021-41090 Cleartext Storage of Sensitive Information vulnerability in Grafana Agent
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack.
network
low complexity
grafana CWE-312
7.5
2021-12-07 CVE-2021-43798 Path Traversal vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-22
7.5
2021-11-15 CVE-2021-41244 Incorrect Authorization vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-863
7.2
2021-10-05 CVE-2021-39226 Improper Authentication vulnerability in multiple products
Grafana is an open source data visualization platform.
network
low complexity
grafana fedoraproject CWE-287
7.3
2021-03-22 CVE-2021-28148 Missing Authentication for Critical Function vulnerability in Grafana
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication.
network
low complexity
grafana CWE-306
7.5
2021-03-22 CVE-2021-27962 Unspecified vulnerability in Grafana
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
network
low complexity
grafana
7.1
2021-03-18 CVE-2021-27358 The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
network
low complexity
grafana netapp
7.5
2020-06-03 CVE-2020-13379 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue.
network
low complexity
grafana fedoraproject netapp opensuse CWE-918
8.2