Количество 9
Количество 9
BDU:2024-02593
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с раскрытие конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. ...
GHSA-c3h9-vpfv-3x4m
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
SUSE-SU-2023:2575-1
Security update for SUSE Manager Client Tools
SUSE-SU-2023:2578-1
Security update for SUSE Manager Client Tools
ROS-20240403-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-02593 Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с раскрытие конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-1387 Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-1387 Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-1387 Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
| CVE-2023-1387 Grafana is an open-source platform for monitoring and observability. ... | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
| GHSA-c3h9-vpfv-3x4m Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
 | ROS-20240403-01 Множественные уязвимости grafana | CVSS3: 9.8 | больше 1 года назад |
Уязвимостей на страницу