CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5123 – Improper Path Sanitization in JSON Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5123
14 Feb 2024 — The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configur... • https://grafana.com/security/security-advisories/cve-2023-5123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6152
https://notcve.org/view.php?id=CVE-2023-6152
13 Feb 2024 — A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. Un usuario que cambia su correo electrónico después de registrarse y verificarlo puede cambiarlo sin verificación en la configuración del perfil. La opción de configuración "verify_email_enabled" solo validará el correo electrónico al registrarse. • https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4399
https://notcve.org/view.php?id=CVE-2023-4399
17 Oct 2023 — Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address. Grafana es una plataforma de código abierto para monitorización y observabilidad. En Grafana Enterprise, la seguridad de solicitudes es una lista de denegación que permite a los admin... • https://grafana.com/security/security-advisories/cve-2023-4399 • CWE-183: Permissive List of Allowed Inputs •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4822 – grafana: incorrect assessment of permissions across organizations
https://notcve.org/view.php?id=CVE-2023-4822
16 Oct 2023 — Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate th... • https://grafana.com/security/security-advisories/cve-2023-4822 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 18%CPEs: 10EXPL: 0CVE-2023-3128 – grafana: account takeover possible when using Azure AD OAuth
https://notcve.org/view.php?id=CVE-2023-3128
22 Jun 2023 — Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth i... • https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp • CWE-290: Authentication Bypass by Spoofing CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-2183 – grafana: missing access control allows test alerts by underprivileged user
https://notcve.org/view.php?id=CVE-2023-2183
06 Jun 2023 — Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade t... • https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2801 – grafana: data source proxy race condition
https://notcve.org/view.php?id=CVE-2023-2801
06 Jun 2023 — Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. • https://grafana.com/security/security-advisories/cve-2023-2801 • CWE-662: Improper Synchronization CWE-820: Missing Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1387 – grafana: JWT token leak to data source
https://notcve.org/view.php?id=CVE-2023-1387
26 Apr 2023 — Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. A flaw was found in Grafana. • https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1410 – Stored XSS in Graphite FunctionDescription tooltip
https://notcve.org/view.php?id=CVE-2023-1410
23 Mar 2023 — Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the descr... • https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 7%CPEs: 2EXPL: 0CVE-2023-22462 – Stored XSS in Grafana Text plugin
https://notcve.org/view.php?id=CVE-2023-22462
02 Mar 2023 — Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker n... • https://github.com/grafana/grafana/commit/db83d5f398caffe35c5846cfa7727d1a2a414165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •