CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 1CVE-2023-3128 – grafana: account takeover possible when using Azure AD OAuth
https://notcve.org/view.php?id=CVE-2023-3128
22 Jun 2023 — Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth i... • https://github.com/spyata123/CVE-2023-3128 • CWE-290: Authentication Bypass by Spoofing CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-2183 – grafana: missing access control allows test alerts by underprivileged user
https://notcve.org/view.php?id=CVE-2023-2183
06 Jun 2023 — Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade t... • https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34111 – Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin
https://notcve.org/view.php?id=CVE-2023-34111
06 Jun 2023 — The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the wor... • https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.2EPSS: 2%CPEs: 3EXPL: 1CVE-2023-1410 – Stored XSS in Graphite FunctionDescription tooltip
https://notcve.org/view.php?id=CVE-2023-1410
23 Mar 2023 — Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the descr... • https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 36%CPEs: 3EXPL: 0CVE-2023-0594 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0594
01 Mar 2023 — Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertica... • https://grafana.com/security/security-advisories/cve-2023-0594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39324 – Grafana vulnerable to spoofing originalUrl of snapshots
https://notcve.org/view.php?id=CVE-2022-39324
27 Jan 2023 — Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. Th... • https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39306 – Grafana contains Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-39306
09 Nov 2022 — Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a... • https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84 • CWE-20: Improper Input Validation CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39307 – Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password
https://notcve.org/view.php?id=CVE-2022-39307
09 Nov 2022 — Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. • https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-39201 – Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
https://notcve.org/view.php?id=CVE-2022-39201
13 Oct 2022 — Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. • https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39229 – Grafana users with email as a username can block other users from signing in
https://notcve.org/view.php?id=CVE-2022-39229
13 Oct 2022 — Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email addr... • https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35 • CWE-287: Improper Authentication •