Vulnerabilities > Grafana > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2022-24812 | Improper Privilege Management vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 8.8 |
| 2022-02-08 | CVE-2022-21703 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 8.8 |
| 2021-12-08 | CVE-2021-41090 | Cleartext Storage of Sensitive Information vulnerability in Grafana Agent Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. | 7.5 |
| 2021-12-07 | CVE-2021-43798 | Path Traversal vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.5 |
| 2021-11-15 | CVE-2021-41244 | Incorrect Authorization vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 7.2 |
| 2021-10-05 | CVE-2021-39226 | Improper Authentication vulnerability in multiple products Grafana is an open source data visualization platform. | 7.3 |
| 2021-03-22 | CVE-2021-28148 | Missing Authentication for Critical Function vulnerability in Grafana One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. | 7.5 |
| 2021-03-22 | CVE-2021-27962 | Unspecified vulnerability in Grafana Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | 7.1 |
| 2021-03-18 | CVE-2021-27358 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | 7.5 |
| 2020-06-03 | CVE-2020-13379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. | 8.2 |