A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Max CVSS
10.0
EPSS Score
1.25%
Published
2020-12-21
Updated
2021-03-31
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-10-28
Updated
2022-06-03
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-05-24
Updated
2023-02-28
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-05-24
Updated
2020-05-26
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
Max CVSS
8.2
EPSS Score
72.83%
Published
2020-06-03
Updated
2021-01-29
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-04-29
Updated
2022-04-26
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
Max CVSS
5.5
EPSS Score
0.06%
Published
2020-04-29
Updated
2022-04-26
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
Max CVSS
6.1
EPSS Score
0.48%
Published
2020-04-24
Updated
2020-10-10
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-04-27
Updated
2020-05-11
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
Max CVSS
5.4
EPSS Score
0.51%
Published
2020-07-27
Updated
2023-02-10
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Max CVSS
6.5
EPSS Score
0.07%
Published
2020-08-28
Updated
2022-04-28
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Max CVSS
6.1
EPSS Score
0.10%
Published
2020-06-02
Updated
2020-06-08
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Max CVSS
6.1
EPSS Score
0.10%
Published
2020-06-02
Updated
2020-06-08
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Max CVSS
6.1
EPSS Score
0.23%
Published
2020-06-02
Updated
2022-03-29
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!