| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-23498 | When query caching is enabled in Grafana users can query another user's session | grafana | grafana | High | 7.1 | 2023-02-03 21:34:59 | Deep Dive |
| CVE-2022-23552 | Grafana stored XSS in FileUploader component | grafana | grafana | High | 7.3 | 2023-01-27 22:59:17 | Deep Dive |
| CVE-2022-39324 | Grafana vulnerable to spoofing originalUrl of snapshots | grafana | grafana | Medium | 6.7 | 2023-01-27 22:42:02 | Deep Dive |
| CVE-2022-46156 | Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information | grafana | synthetic-monitoring-agent | High | 7.2 | 2022-11-30 00:00:00 | Deep Dive |
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | grafana | grafana | Medium | 6.7 | 2022-11-09 00:00:00 | Deep Dive |
| CVE-2022-39306 | Grafana contains Improper Input Validation | grafana | grafana | Medium | 6.4 | 2022-11-09 00:00:00 | Deep Dive |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation | grafana | grafana | Critical | 9.8 | 2022-11-08 00:00:00 | Deep Dive |
| CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | grafana | grafana | Medium | 4.9 | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-31123 | Grafana plugin signature bypass vulnerability | grafana | grafana | Medium | 6.1 | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins | grafana | grafana | Medium | 6.8 | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in | grafana | grafana | Medium | 4.3 | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-36062 | Grafana folders admin only permission privilege escalation | grafana | grafana | High | 7.6 | 2022-09-22 00:00:00 | Deep Dive |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin | grafana | grafana | Medium | 6.6 | 2022-09-20 00:00:00 | Deep Dive |
| CVE-2022-31176 | Grafana Image Renderer leaking files | grafana | grafana-image-renderer | High | 8.3 | 2022-09-02 00:00:00 | Deep Dive |
| CVE-2022-31107 | Grafana account takeover via OAuth vulnerability | grafana | grafana | High | 7.1 | 2022-07-15 12:30:14 | Deep Dive |
| CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting | grafana | grafana | High | 7.3 | 2022-07-15 12:10:10 | Deep Dive |
| CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects | grafana | grafana | Medium | 6.6 | 2022-05-20 16:10:12 | Deep Dive |
| CVE-2022-24812 | FGAC API Key privilege escalation in Grafana | grafana | grafana | High | 8.0 | 2022-04-12 17:00:19 | Deep Dive |
| CVE-2022-21713 | Exposure of Sensitive Information in Grafana | grafana | grafana | Medium | 4.3 | 2022-02-08 20:50:17 | Deep Dive |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana | grafana | grafana | Medium | 6.3 | 2022-02-08 20:40:10 | Deep Dive |