Количество 380
Количество 380
BDU:2023-07919
Уязвимость функции Read() библиотеки криптографических алгоритмов с открытым исходным кодом Circl, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
BDU:2023-03205
Уязвимость программного интерфейса веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии и проводить фишинг-атаки
BDU:2023-01731
Уязвимость веб-инструмента представления данных Grafana, связанная с недостаточной очисткой пользовательских данныхt, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
BDU:2023-01605
Уязвимость плагина GeoMap веб-инструмента представления данных Grafana, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю повысить свои привилегии
BDU:2023-01071
Уязвимость веб-инструмента представления данных Grafana, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ к сеансу текущего пользователя
BDU:2022-07077
Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии
GHSA-wc9w-wvq2-ffm9
Server Side Request Forgery in Grafana
GHSA-v5gq-qvjq-8p53
Grafana Cross-site Scripting (XSS)
GHSA-97c5-jw9r-3fwj
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with ...
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...
CVE-2018-12099
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
CVE-2018-12099
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
CVE-2018-12099
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-07919 Уязвимость функции Read() библиотеки криптографических алгоритмов с открытым исходным кодом Circl, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации | CVSS3: 5.3 | 0% Низкий | около 2 лет назад |
| BDU:2023-03205 Уязвимость программного интерфейса веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии и проводить фишинг-атаки | CVSS3: 4.1 | 1% Низкий | около 2 лет назад |
| BDU:2023-01731 Уязвимость веб-инструмента представления данных Grafana, связанная с недостаточной очисткой пользовательских данныхt, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS) | CVSS3: 6.4 | 7% Низкий | около 2 лет назад |
| BDU:2023-01605 Уязвимость плагина GeoMap веб-инструмента представления данных Grafana, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю повысить свои привилегии | CVSS3: 7.3 | 66% Средний | больше 2 лет назад |
| BDU:2023-01071 Уязвимость веб-инструмента представления данных Grafana, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ к сеансу текущего пользователя | CVSS3: 7.1 | 0% Низкий | больше 2 лет назад |
| BDU:2022-07077 Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.7 | 49% Средний | почти 3 года назад |
| GHSA-wc9w-wvq2-ffm9 Server Side Request Forgery in Grafana | CVSS3: 5.8 | 93% Критический | больше 3 лет назад |
| GHSA-v5gq-qvjq-8p53 Grafana Cross-site Scripting (XSS) | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| GHSA-97c5-jw9r-3fwj An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | CVSS3: 9.8 | 82% Высокий | около 3 лет назад |
 | CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | CVSS3: 9.8 | 82% Высокий | около 3 лет назад |
 | CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | CVSS3: 9.8 | 82% Высокий | около 3 лет назад |
 | CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | CVSS3: 9.8 | 82% Высокий | около 3 лет назад |
| CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with ... | CVSS3: 9.8 | 82% Высокий | около 3 лет назад |
| CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ... | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| CVE-2018-12099 Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | CVSS3: 6.1 | 1% Низкий | около 7 лет назад |
| CVE-2018-12099 Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | CVSS3: 6.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-12099 Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | CVSS3: 6.1 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу