Grafana is a free software data visualization system oriented toward data from IT monitoring systems.
Release cycle, vulnerability information
Release schedule
Count 381
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-jfp3-g5xg-h74p The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 1% Low | about 3 years ago
GHSA-6858-383c-7xhr Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | CVSS3: 7.1 | 0% Low | about 3 years ago
GHSA-mvpr-q6rh-8vrp Grafana XSS via a query alias for the ElasticSearch datasource | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-xr3x-62qw-vc4w Grafana stored XSS | CVSS3: 5.4 | 68% Medium | about 3 years ago
GHSA-9hv8-4frf-cprf Grafana XSS via a column style | CVSS3: 6.1 | 1% Low | about 3 years ago
GHSA-7m2x-qhrq-rp8h Grafana XSS via the OpenTSDB datasource | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-3jq7-8ph8-63xm Grafana information disclosure | CVSS3: 5.5 | 0% Low | about 3 years ago
GHSA-m25m-5778-fm22 Grafana world readable configuration files | CVSS3: 5.5 | 0% Low | about 3 years ago
GHSA-46x4-c48q-4248 Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | | 1% Low | about 3 years ago
GHSA-ccmg-w4xm-p28v Grafana XSS in header column rename | CVSS3: 6.1 | 3% Low | about 3 years ago