Количество 13
Количество 13
GHSA-mpv3-g8m3-3fjc
Grafana vulnerable to Authentication Bypass by Spoofing
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE-2023-3128
Grafana is validating Azure AD accounts based on the email claim. On ...
RLSA-2023:4030
Critical: grafana security update
ELSA-2023-6972
ELSA-2023-6972: grafana security and enhancement update (MODERATE)
ELSA-2023-4030
ELSA-2023-4030: grafana security update (CRITICAL)
BDU:2023-03343
Уязвимость веб-инструмента представления данных Grafana, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю получить полный доступ к учетной записи пользователя
SUSE-SU-2023:2917-1
Security update for SUSE Manager Client Tools
SUSE-SU-2025:0545-1
Security update for grafana
SUSE-SU-2025:0525-1
Security update for SUSE Manager Client Tools
ROS-20240404-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-mpv3-g8m3-3fjc Grafana vulnerable to Authentication Bypass by Spoofing | CVSS3: 9.4 | 2% Низкий | около 2 лет назад |
 | CVE-2023-3128 Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | CVSS3: 9.4 | 2% Низкий | около 2 лет назад |
 | CVE-2023-3128 Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | CVSS3: 9.8 | 2% Низкий | около 2 лет назад |
 | CVE-2023-3128 Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | CVSS3: 9.4 | 2% Низкий | около 2 лет назад |
| CVE-2023-3128 Grafana is validating Azure AD accounts based on the email claim. On ... | CVSS3: 9.4 | 2% Низкий | около 2 лет назад |
 | RLSA-2023:4030 Critical: grafana security update | 2% Низкий | около 2 лет назад | |
| ELSA-2023-6972 ELSA-2023-6972: grafana security and enhancement update (MODERATE) | больше 1 года назад | ||
| ELSA-2023-4030 ELSA-2023-4030: grafana security update (CRITICAL) | около 2 лет назад | ||
 | BDU:2023-03343 Уязвимость веб-инструмента представления данных Grafana, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю получить полный доступ к учетной записи пользователя | CVSS3: 9.4 | 2% Низкий | около 2 лет назад |
 | SUSE-SU-2023:2917-1 Security update for SUSE Manager Client Tools | около 2 лет назад | ||
| SUSE-SU-2025:0545-1 Security update for grafana | 6 месяцев назад | ||
| SUSE-SU-2025:0525-1 Security update for SUSE Manager Client Tools | 6 месяцев назад | ||
 | ROS-20240404-01 Множественные уязвимости grafana | CVSS3: 9.4 | больше 1 года назад |
Уязвимостей на страницу