Vulnerabilities > Grafana > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-39226 Improper Authentication vulnerability in multiple products
Grafana is an open source data visualization platform.
network
low complexity
grafana fedoraproject CWE-287
7.3
2020-06-03 CVE-2020-13379 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue.
network
low complexity
grafana fedoraproject netapp opensuse CWE-918
8.2
2019-09-03 CVE-2019-15043 Missing Authentication for Critical Function vulnerability in Grafana
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use.
network
low complexity
grafana CWE-306
7.5
2018-08-29 CVE-2018-15727 Improper Authentication vulnerability in multiple products
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
network
low complexity
grafana redhat CWE-287
7.5