Page 5 of 28 results (0.009 seconds)

CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1

CVE-2020-12458 – grafana: information disclosure through world-readable /var/lib/grafana/grafana.db

https://notcve.org/view.php?id=CVE-2020-12458

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). Se encontró un fallo de divulgación de información en Grafana versiones hasta 6.7.3. El directorio de base de datos /var/lib/grafana y el archivo de base de datos /var/lib/grafana/grafana.db son de tipo world readable. • https://access.redhat.com/security/cve/CVE-2020-12458 https://bugzilla.redhat.com/show_bug.cgi?id=1827765 https://github.com/grafana/grafana/issues/8283 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A https://security.netapp.com/advisory/ntap-20200518-0001 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12052 – grafana: XSS annotation popup vulnerability

https://notcve.org/view.php?id=CVE-2020-12052

Grafana version < 6.7.3 is vulnerable for annotation popup XSS. Grafana versiones anteriores a la versión 6.7.3, es vulnerable a un ataque de tipo XSS del popup de anotaciones. A flaw was found in grafana. The software is vulnerable to an annotation popup XSS. • https://community.grafana.com/t/release-notes-v6-7-x/27119 https://security.netapp.com/advisory/ntap-20200511-0001 https://access.redhat.com/security/cve/CVE-2020-12052 https://bugzilla.redhat.com/show_bug.cgi?id=1848089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12245 – grafana: XSS via column.title or cellLinkTooltip

https://notcve.org/view.php?id=CVE-2020-12245

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. Grafana versiones anteriores a la versiones 6.7.3, permite un ataque de tipo XSS del panel de tabla por medio de column.title o cellLinkTooltip. A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html https://community.grafana.com/t/release-notes-v6-7-x/27119 https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23 https://github.com/grafana/grafana/pull/23816 https://secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 31%CPEs: 2EXPL: 1

CVE-2019-15043 – grafana: incorrect access control in snapshot HTTP API leads to denial of service

https://notcve.org/view.php?id=CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. En Grafana versión 2.x hasta la versión 6.x en versiones anteriores a la 6.3.4, partes de la API HTTP permiten el uso no autenticado. Esto hace posible ejecutar un ataque de denegación de servicio contra el servidor que ejecuta Grafana. • https://github.com/h0ffayyy/CVE-2019-15043 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 https://community.grafana.com/t/release-notes-v6-3-x/19202 https://github.com/grafana/grafana/releases https://grafana.com/blog/2019/08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-13068 – Grafana <=6.2.4 - HTML Injection

https://notcve.org/view.php?id=CVE-2019-13068

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). El archivo public/app/features/panel/panel_ctrl.ts en Grafana anterior a versión 6.2.5, permite Inyección HTML en los enlaces de desglose del panel (por medio del campo Title o url). Grafana versions 6.2.4 and below suffer from an html injection vulnerability. • https://www.exploit-db.com/exploits/51073 http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.html https://github.com/grafana/grafana/issues/17718 https://github.com/grafana/grafana/releases/tag/v6.2.5 https://security.netapp.com/advisory/ntap-20190710-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •