CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6152
https://notcve.org/view.php?id=CVE-2023-6152
13 Feb 2024 — A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. Un usuario que cambia su correo electrónico después de registrarse y verificarlo puede cambiarlo sin verificación en la configuración del perfil. La opción de configuración "verify_email_enabled" solo validará el correo electrónico al registrarse. • https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 18%CPEs: 10EXPL: 0CVE-2023-3128 – grafana: account takeover possible when using Azure AD OAuth
https://notcve.org/view.php?id=CVE-2023-3128
22 Jun 2023 — Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. A flaw was found in Grafana, which validates Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants, which enables Grafana account takeover and authentication bypass when Azure AD OAuth i... • https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp • CWE-290: Authentication Bypass by Spoofing CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 2CVE-2023-34111 – Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin
https://notcve.org/view.php?id=CVE-2023-34111
06 Jun 2023 — The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the wor... • https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.3EPSS: 34%CPEs: 3EXPL: 0CVE-2023-0594 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0594
01 Mar 2023 — Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertica... • https://grafana.com/security/security-advisories/cve-2023-0594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39324 – Grafana vulnerable to spoofing originalUrl of snapshots
https://notcve.org/view.php?id=CVE-2022-39324
27 Jan 2023 — Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. Th... • https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39307 – Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password
https://notcve.org/view.php?id=CVE-2022-39307
09 Nov 2022 — Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. • https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39229 – Grafana users with email as a username can block other users from signing in
https://notcve.org/view.php?id=CVE-2022-39229
13 Oct 2022 — Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email addr... • https://github.com/grafana/grafana/commit/5644758f0c5ae9955a4e5480d71f9bef57fdce35 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31123 – Grafana plugin signature bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-31123
13 Oct 2022 — Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. • https://github.com/grafana/grafana/releases/tag/v9.1.8 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31130 – Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
https://notcve.org/view.php?id=CVE-2022-31130
13 Oct 2022 — Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. • https://github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-39201 – Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
https://notcve.org/view.php?id=CVE-2022-39201
13 Oct 2022 — Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. • https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •