Grafana is a free software data visualization system focused on data from IT monitoring systems.
Release cycle, vulnerability information
Release schedule
Count: 380
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-4pff-25fv-cm83 Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) | CVSS3: 5 | 0% Low | more than 1 year ago
CVE-2023-5122 Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) | CVSS3: 5 | 0% Low | more than 1 year ago
CVE-2023-6152 A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email on sign up. | CVSS3: 5.4 | 0% Low | more than 1 year ago
GHSA-3hv4-r2fm-h27f Email Validation Bypass And Preventing Sign Up From Email's Owner | CVSS3: 5.4 | 0% Low | more than 1 year ago
GHSA-8pjx-jj86-j47p Grafana path traversal | CVSS3: 7.5 | 94% Critical | more than 1 year ago
GHSA-cmf4-h3xc-jw8w Grafana Cross Site Request Forgery (CSRF) | CVSS3: 6.8 | 2% Low | more than 1 year ago
GHSA-v5gq-qvjq-8p53 Grafana Cross-site Scripting (XSS) | CVSS3: 6.1 | 1% Low | more than 1 year ago