Vulnerabilities > Grafana > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-24 CVE-2020-13429 Cross-site Scripting vulnerability in Grafana Piechart-Panel
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
network
low complexity
grafana CWE-79
5.4
2020-04-29 CVE-2020-12459 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
local
low complexity
grafana fedoraproject CWE-732
5.5
2020-04-29 CVE-2020-12458 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3.
local
low complexity
grafana redhat fedoraproject CWE-732
5.5
2020-04-27 CVE-2020-12052 Cross-site Scripting vulnerability in Grafana
Grafana versions < 6.7.3 are vulnerable to annotation popup XSS.
network
low complexity
grafana CWE-79
6.1
2020-04-24 CVE-2020-12245 Cross-site Scripting vulnerability in Grafana
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
network
low complexity
grafana CWE-79
6.1
2019-09-23 CVE-2019-15635 Insufficiently Protected Credentials vulnerability in Grafana 5.4.0
An issue was discovered in Grafana 5.4.0.
network
low complexity
grafana CWE-522
4.9
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
2019-02-06 CVE-2015-9282 Cross-site Scripting vulnerability in Grafana Piechart-Panel
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data.
network
low complexity
grafana CWE-79
6.1
2018-12-20 CVE-2018-1000816 Cross-site Scripting vulnerability in Grafana 5.2.4/5.3.0
Grafana, confirmed for versions 5.2.4 and 5.3.0, contains a Cross Site Scripting (XSS) vulnerability in the InfluxDB and Graphite query editor that can result in running arbitrary JavaScript code in the victim's browser.
network
low complexity
grafana CWE-79
5.4
2018-12-13 CVE-2018-19039 Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
network
low complexity
grafana redhat netapp CWE-200
6.5