Grafana vulnerable to Authentication Bypass by Spoofing

Grafana world readable configuration files

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.

Grafana vulnerable to Cross-site Scripting

Grafana when using email as a username can block other users from signing in

Grafana privilege escalation vulnerability

Grafana Escalation from admin to server admin when auth proxy is used

Grafana has Broken Access Control in Alert manager: Viewer can send test alerts

Grafana XSS in Dashboard Text Panel

Grafana XSS in header column rename

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

Grafana XSS via a column style

Grafana path traversal

Grafana vulnerable to Stored Cross-site Scripting in Text plugin

Grafana Cross-site Scripting vulnerability

Grafana XSS via the OpenTSDB datasource

Grafana directory traversal for .cvs files

Grafana XSS via adding a link in General feature