Vulnerabilidades em Grafana
102 resultadosCVE-2021-43815MEDIUMGrafana directory traversal for `.cvs` filesEPSS 1.8%CVE-2023-22462MEDIUMStored XSS in Grafana Text pluginEPSS 1.6%CVE-2023-1387MEDIUMGrafana is an open-source platform for monitoring and observability.
Starting with the 9.1 branch, Grafana introduced the ability to searcEPSS 1.5%CVE-2023-6152MEDIUMA user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration optEPSS 1.4%CVE-2026-27876CRITICALRCE on Grafana via sqlExpressionsEPSS 1.3%CVE-2022-35957MEDIUMAuthentication Bypass in Grafana via auth proxy allowing escalation from admin to server adminEPSS 1.3%CVE-2022-39201MEDIUMData source and plugin proxy endpoints could leak the authentication cookie to some destination pluginsEPSS 1.2%CVE-2022-21713MEDIUMExposure of Sensitive Information in GrafanaEPSS 1.2%CVE-2022-23498HIGHWhen query caching is enabled in Grafana users can query another users sessionEPSS 1.1%CVE-2022-29170MEDIUMGrafana Enterprise datasource network restrictions bypass via HTTP redirectsEPSS 1.1%CVE-2023-4399MEDIUMGrafana is an open-source platform for monitoring and observability.
In Grafana Enterprise, Request security is a deny list that allows adEPSS 1.1%CVE-2023-4822MEDIUMGrafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations,EPSS 1.1%CVE-2023-2183MEDIUMGrafana is an open-source platform for monitoring and observability.
The option to send a test alert is not available from the user panel EPSS 1.0%CVE-2022-31130MEDIUMGrafana data source and plugin proxy endpoints leaking authentication tokens to some destination pluginsEPSS 1.0%CVE-2023-1410MEDIUMStored XSS in Graphite FunctionDescription tooltipEPSS 1.0%CVE-2022-39328CRITICALGrafana vulnerable to race condition allowing privilege escalationEPSS 0.9%CVE-2025-3415MEDIUMGrafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected anEPSS 0.9%CVE-2022-31176HIGHGrafana Image Renderer leaking filesEPSS 0.9%CVE-2022-39324MEDIUMGrafana vulnerable to spoofing originalUrl of snapshotsEPSS 0.8%CVE-2022-39229MEDIUMGrafana users with email as a username can block other users from signing inEPSS 0.8%