Grafana — свободная программная система визуализации данных, ориентированная на данные систем ИТ-мониторинга.
Релизный цикл, информация об уязвимостях
График релизов
Количество 380
CVE-2018-18625
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-12459
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The ...
CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CVE-2020-12052
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2018-18625 Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | CVE-2020-13430 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | CVSS3: 6.1 | 0% Низкий | около 5 лет назад |
| CVE-2020-13430 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | CVSS3: 6.1 | 0% Низкий | около 5 лет назад |
 | CVE-2020-13430 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | CVSS3: 6.1 | 0% Низкий | около 5 лет назад |
| CVE-2020-13430 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | CVSS3: 6.1 | 0% Низкий | около 5 лет назад |
| CVE-2020-12459 In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. | CVSS3: 5.5 | 0% Низкий | около 5 лет назад |
| CVE-2020-12458 An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). | CVSS3: 5.5 | 0% Низкий | около 5 лет назад |
| CVE-2020-12458 An information-disclosure flaw was found in Grafana through 6.7.3. The ... | CVSS3: 5.5 | 0% Низкий | около 5 лет назад |
| CVE-2020-12458 An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). | CVSS3: 5.5 | 0% Низкий | около 5 лет назад |
| CVE-2020-12052 Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
Уязвимостей на страницу