Количество 15
Количество 15
BDU:2024-02597
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегий
CVE-2022-21703
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-21703
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-21703
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-21703
Grafana is an open-source platform for monitoring and observability. A ...
GHSA-cmf4-h3xc-jw8w
Grafana Cross Site Request Forgery (CSRF)
SUSE-SU-2022:3765-1
Security update for grafana
SUSE-SU-2022:1396-1
Security update for SUSE Manager Client Tools
SUSE-FU-2022:1419-1
Feature update for grafana
SUSE-SU-2022:2134-1
Security update for SUSE Manager Client Tools
RLSA-2022:8057
Important: grafana security, bug fix, and enhancement update
RLSA-2022:7519
Moderate: grafana security, bug fix, and enhancement update
ELSA-2022-8057
ELSA-2022-8057: grafana security, bug fix, and enhancement update (IMPORTANT)
ELSA-2022-7519
ELSA-2022-7519: grafana security, bug fix, and enhancement update (MODERATE)
ROS-20240403-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-02597 Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с подделкой межсайтовых запросов, позволяющая нарушителю повысить свои привилегий | CVSS3: 8.8 | 2% Низкий | больше 3 лет назад |
 | CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | CVSS3: 6.3 | 2% Низкий | больше 3 лет назад |
 | CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | CVSS3: 6.8 | 2% Низкий | больше 3 лет назад |
 | CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | CVSS3: 6.3 | 2% Низкий | больше 3 лет назад |
| CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. A ... | CVSS3: 6.3 | 2% Низкий | больше 3 лет назад |
| GHSA-cmf4-h3xc-jw8w Grafana Cross Site Request Forgery (CSRF) | CVSS3: 6.8 | 2% Низкий | больше 1 года назад |
 | SUSE-SU-2022:3765-1 Security update for grafana | больше 2 лет назад | ||
| SUSE-SU-2022:1396-1 Security update for SUSE Manager Client Tools | около 3 лет назад | ||
| SUSE-FU-2022:1419-1 Feature update for grafana | около 3 лет назад | ||
| SUSE-SU-2022:2134-1 Security update for SUSE Manager Client Tools | почти 3 года назад | ||
 | RLSA-2022:8057 Important: grafana security, bug fix, and enhancement update | больше 2 лет назад | ||
| RLSA-2022:7519 Moderate: grafana security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2022-8057 ELSA-2022-8057: grafana security, bug fix, and enhancement update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2022-7519 ELSA-2022-7519: grafana security, bug fix, and enhancement update (MODERATE) | больше 2 лет назад | ||
 | ROS-20240403-01 Множественные уязвимости grafana | CVSS3: 9.8 | около 1 года назад |
Уязвимостей на страницу