Grafana is a free software system for data visualization, oriented toward data from IT monitoring systems.
Release cycle, vulnerability information
Release schedule
Count: 380
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-6858-383c-7xhr Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | CVSS3: 7.1 | 0% Low | about 3 years ago
GHSA-mvpr-q6rh-8vrp Grafana XSS via a query alias for the ElasticSearch datasource | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-xr3x-62qw-vc4w Grafana stored XSS | CVSS3: 5.4 | 68% Medium | about 3 years ago
GHSA-9hv8-4frf-cprf Grafana XSS via a column style | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-7m2x-qhrq-rp8h Grafana XSS via the OpenTSDB datasource | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-3jq7-8ph8-63xm Grafana information disclosure | CVSS3: 5.5 | 0% Low | about 3 years ago
GHSA-m25m-5778-fm22 Grafana world readable configuration files | CVSS3: 5.5 | 0% Low | about 3 years ago
GHSA-46x4-c48q-4248 Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | | 1% Low | about 3 years ago
GHSA-ccmg-w4xm-p28v Grafana XSS in header column rename | CVSS3: 6.1 | 3% Low | about 3 years ago
GHSA-vfhw-75mr-pg52 An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. | CVSS3: 4.9 | 0% Low | about 3 years ago