Page 6 of 30 results (0.007 seconds)

CVSS: 7.5EPSS: 31%CPEs: 2EXPL: 1

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. En Grafana versión 2.x hasta la versión 6.x en versiones anteriores a la 6.3.4, partes de la API HTTP permiten el uso no autenticado. Esto hace posible ejecutar un ataque de denegación de servicio contra el servidor que ejecuta Grafana. • https://github.com/h0ffayyy/CVE-2019-15043 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 https://community.grafana.com/t/release-notes-v6-3-x/19202 https://github.com/grafana/grafana/releases https://grafana.com/blog/2019/08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). El archivo public/app/features/panel/panel_ctrl.ts en Grafana anterior a versión 6.2.5, permite Inyección HTML en los enlaces de desglose del panel (por medio del campo Title o url). Grafana versions 6.2.4 and below suffer from an html injection vulnerability. • https://www.exploit-db.com/exploits/51073 http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.html https://github.com/grafana/grafana/issues/17718 https://github.com/grafana/grafana/releases/tag/v6.2.5 https://security.netapp.com/advisory/ntap-20190710-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Grafana en versiones anteriores a la 4.6.5 y versiones 5.x anteriores a la 5.3.3 permite que usuarios autenticados remotos lean archivos arbitrarios aprovechando los permisos Editor o Admin. A security issue was found that could allow any users with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. However, in order to exploit this issue you would need to be logged in to the system as a legitimate user with Editor or Admin permissions. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html http://www.securityfocus.com/bid/105994 https://access.redhat.com/errata/RHSA-2019:0747 https://access.redhat.com/errata/RHSA-2019:0911 https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961 https://security.netapp.com/advisory/ntap-20190416-0004 https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management https://access.redhat.com/security/cv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 2

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Grafana en versiones 2.x, 3.x y 4.x anteriores a la 4.6.4 y versiones 5.x anteriores a la 5.2.3 permite la omisión de autenticación debido a que un atacante puede generar una cookie "remember me" válida conociendo solo el nombre de usuario de un usuario LDAP u OAuth. • https://github.com/u238/grafana-CVE-2018-15727 https://github.com/grimbelhax/CVE-2018-15727 http://www.securityfocus.com/bid/105184 https://access.redhat.com/errata/RHSA-2018:3829 https://access.redhat.com/errata/RHSA-2019:0019 https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix https://access.redhat.com/security/cve/CVE-2018-15727 https://bugzilla.redhat.com/show_bug.cgi?id=1624088 • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1

Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Grafana en versiones anteriores a la 5.2.0-beta1 tiene vulnerabilidades Cross-Site Scripting (XSS) en los enlaces del cuadro de mandos. • https://github.com/grafana/grafana/pull/11813 https://github.com/grafana/grafana/releases/tag/v5.2.0-beta1 https://security.netapp.com/advisory/ntap-20190416-0004 https://access.redhat.com/security/cve/CVE-2018-12099 https://bugzilla.redhat.com/show_bug.cgi?id=1590017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •