exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 403

RLSA-2025:7894

6 месяцев назад

Important: grafana security update

EPSS: Средний

RLSA-2025:7893

4 месяца назад

Important: grafana security update

EPSS: Средний

RLSA-2025:7892

4 месяца назад

Important: grafana security update

EPSS: Средний

RLSA-2023:4030

больше 2 лет назад

Critical: grafana security update

EPSS: Низкий

RLSA-2022:1781

больше 3 лет назад

Low: grafana security, bug fix, and enhancement update

EPSS: Низкий

RLSA-2021:3771

больше 4 лет назад

Important: grafana security update

EPSS: Критический

GHSA-xw5p-hw8j-xg4q

почти 3 года назад

Grafana vulnerable to Cross-site Scripting

CVSS3: 5.4

EPSS: Средний

GHSA-xfc5-hp99-89qr

больше 3 лет назад

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.

EPSS: Низкий

GHSA-x744-mm8v-vpgr

больше 1 года назад

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

CVSS3: 6.8

EPSS: Низкий

GHSA-x5fh-fvvr-892f

больше 3 лет назад

Grafana XSS Vulnerability

CVSS3: 5.4

EPSS: Низкий

GHSA-x2w4-c67p-g44j

больше 2 лет назад

Grafana Missing Synchronization vulnerability

CVSS3: 7.5

EPSS: Низкий

GHSA-w62r-7c53-fmc5

2 месяца назад

Grafana Incorrect Privilege Assignment vulnerability

CVSS3: 10

EPSS: Низкий

GHSA-vqc4-mpj8-jxch

больше 1 года назад

Grafana Race condition allowing privilege escalation

CVSS3: 9.8

EPSS: Низкий

GHSA-vq62-87gp-hrvv

больше 3 лет назад

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.

CVSS3: 7.5

EPSS: Средний

GHSA-vfhw-75mr-pg52

больше 3 лет назад

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.

CVSS3: 4.9

EPSS: Низкий

GHSA-qrrg-gw7w-vp76

почти 3 года назад

Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip

CVSS3: 6.2

EPSS: Низкий

GHSA-qhvm-m99m-qq44

больше 3 лет назад

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

CVSS3: 7.5

EPSS: Низкий

GHSA-q99m-qcv4-fpm7

больше 1 года назад

Grafana Command Injection And Local File Inclusion Via Sql Expressions

CVSS3: 9.9

EPSS: Критический

GHSA-q8jm-f67m-5xxq

больше 3 лет назад

** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability.

CVSS3: 7.5

EPSS: Низкий

GHSA-q53q-gxq9-mgrj

9 месяцев назад

Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

CVSS3: 7.6

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
RLSA-2025:7894 Important: grafana security update		14% Средний	6 месяцев назад
RLSA-2025:7893 Important: grafana security update		14% Средний	4 месяца назад
RLSA-2025:7892 Important: grafana security update		14% Средний	4 месяца назад
RLSA-2023:4030 Critical: grafana security update		2% Низкий	больше 2 лет назад
RLSA-2022:1781 Low: grafana security, bug fix, and enhancement update		6% Низкий	больше 3 лет назад
RLSA-2021:3771 Important: grafana security update		94% Критический	больше 4 лет назад
GHSA-xw5p-hw8j-xg4q Grafana vulnerable to Cross-site Scripting	CVSS3: 5.4	52% Средний	почти 3 года назад
GHSA-xfc5-hp99-89qr The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.		0% Низкий	больше 3 лет назад
GHSA-x744-mm8v-vpgr Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins	CVSS3: 6.8	0% Низкий	больше 1 года назад
GHSA-x5fh-fvvr-892f Grafana XSS Vulnerability	CVSS3: 5.4	0% Низкий	больше 3 лет назад
GHSA-x2w4-c67p-g44j Grafana Missing Synchronization vulnerability	CVSS3: 7.5	1% Низкий	больше 2 лет назад
GHSA-w62r-7c53-fmc5 Grafana Incorrect Privilege Assignment vulnerability	CVSS3: 10	0% Низкий	2 месяца назад
GHSA-vqc4-mpj8-jxch Grafana Race condition allowing privilege escalation	CVSS3: 9.8	2% Низкий	больше 1 года назад
GHSA-vq62-87gp-hrvv Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.	CVSS3: 7.5	65% Средний	больше 3 лет назад
GHSA-vfhw-75mr-pg52 An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.	CVSS3: 4.9	0% Низкий	больше 3 лет назад
GHSA-qrrg-gw7w-vp76 Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip	CVSS3: 6.2	1% Низкий	почти 3 года назад
GHSA-qhvm-m99m-qq44 One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.	CVSS3: 7.5	6% Низкий	больше 3 лет назад
GHSA-q99m-qcv4-fpm7 Grafana Command Injection And Local File Inclusion Via Sql Expressions	CVSS3: 9.9	94% Критический	больше 1 года назад
GHSA-q8jm-f67m-5xxq DISPUTED Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability.	CVSS3: 7.5	10% Низкий	больше 3 лет назад
GHSA-q53q-gxq9-mgrj Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin	CVSS3: 7.6	14% Средний	9 месяцев назад

Уязвимостей на страницу