Количество 11
Количество 11
GHSA-wc9w-wvq2-ffm9
Server Side Request Forgery in Grafana
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...
ELSA-2020-2641
ELSA-2020-2641: grafana security update (IMPORTANT)
BDU:2021-02136
Уязвимость веб-инструмента представления данных Grafana, связанная с серверной фальсификацией запросов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
openSUSE-SU-2020:0892-1
Security update for grafana, grafana-piechart-panel, grafana-status-panel
ELSA-2020-5726
ELSA-2020-5726: grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update (IMPORTANT)
openSUSE-SU-2020:1105-1
Security update for SUSE Manager Client Tools
SUSE-SU-2020:1970-1
Security update for SUSE Manager Client Tools
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wc9w-wvq2-ffm9 Server Side Request Forgery in Grafana | CVSS3: 5.8 | 93% Критический | больше 3 лет назад |
 | CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
 | CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
 | CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ... | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
| ELSA-2020-2641 ELSA-2020-2641: grafana security update (IMPORTANT) | почти 5 лет назад | ||
 | BDU:2021-02136 Уязвимость веб-инструмента представления данных Grafana, связанная с серверной фальсификацией запросов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании | CVSS3: 8.2 | 93% Критический | около 5 лет назад |
 | openSUSE-SU-2020:0892-1 Security update for grafana, grafana-piechart-panel, grafana-status-panel | почти 5 лет назад | ||
| ELSA-2020-5726 ELSA-2020-5726: grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update (IMPORTANT) | около 5 лет назад | ||
| openSUSE-SU-2020:1105-1 Security update for SUSE Manager Client Tools | почти 5 лет назад | ||
| SUSE-SU-2020:1970-1 Security update for SUSE Manager Client Tools | почти 5 лет назад |
Уязвимостей на страницу