Grafana is a free software data visualization system focused on data from IT monitoring systems.
Release cycle, vulnerability information
Release schedule
Count 391
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-jfp3-g5xg-h74p The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 1% Low | more than 3 years ago |
| GHSA-6858-383c-7xhr Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | CVSS3: 7.1 | 0% Low | more than 3 years ago |
| GHSA-mvpr-q6rh-8vrp Grafana XSS via a query alias for the ElasticSearch datasource | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-xr3x-62qw-vc4w Grafana stored XSS | CVSS3: 5.4 | 74% High | more than 3 years ago |
| GHSA-9hv8-4frf-cprf Grafana XSS via a column style | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-7m2x-qhrq-rp8h Grafana XSS via the OpenTSDB datasource | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-3jq7-8ph8-63xm Grafana information disclosure | CVSS3: 5.5 | 0% Low | more than 3 years ago |
| GHSA-m25m-5778-fm22 Grafana world readable configuration files | CVSS3: 5.5 | 0% Low | more than 3 years ago |
| GHSA-46x4-c48q-4248 Grafana version < 6.7.3 is vulnerable to annotation popup XSS. | | 1% Low | more than 3 years ago |
| GHSA-ccmg-w4xm-p28v Grafana XSS in header column rename | CVSS3: 6.1 | 3% Low | more than 3 years ago |