Количество 6
Количество 6
CVE-2022-29170
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds.
CVE-2022-29170
Grafana is an open-source platform for monitoring and observability. I ...
BDU:2024-02598
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с перенаправлением URL-адреса на ненадежный сайт, позволяющая нарушителю перенаправить пользователя на произвольный сайт
SUSE-SU-2022:4437-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:4428-1
Security update for grafana
ROS-20240403-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-29170 Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds. | CVSS3: 6.6 | 0% Низкий | около 3 лет назад |
| CVE-2022-29170 Grafana is an open-source platform for monitoring and observability. I ... | CVSS3: 6.6 | 0% Низкий | около 3 лет назад |
 | BDU:2024-02598 Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с перенаправлением URL-адреса на ненадежный сайт, позволяющая нарушителю перенаправить пользователя на произвольный сайт | CVSS3: 8.5 | 0% Низкий | около 3 лет назад |
 | SUSE-SU-2022:4437-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| SUSE-SU-2022:4428-1 Security update for grafana | больше 2 лет назад | ||
 | ROS-20240403-01 Множественные уязвимости grafana | CVSS3: 9.8 | около 1 года назад |
Уязвимостей на страницу