
Grafana — Vulnerabilities & Security Advisories 57

All 57 CVE vulnerabilities found in Grafana, with AI-generated Chinese analysis, references, and POCs.

Vendor: grafana

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-0507 | Grafana cross-site scripting vulnerability | CWE-79 | 7.3 | High | 2023-03-01 |
| CVE-2022-23498 | When query caching is enabled in Grafana users can query another users session | CWE-200 | 7.1 | High | 2023-02-03 |
| CVE-2022-23552 | Grafana stored XSS in FileUploader component | CWE-79 | 7.3 | High | 2023-01-27 |
| CVE-2022-39324 | Grafana vulnerable to spoofing originalUrl of snapshots | CWE-79 | 6.7 | Medium | 2023-01-27 |
| CVE-2022-39307 | Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password | CWE-200 | 6.7 | Medium | 2022-11-09 |
| CVE-2022-39306 | Grafana contains Improper Input Validation | CWE-20 | 6.4 | Medium | 2022-11-09 |
| CVE-2022-39328 | Grafana vulnerable to race condition allowing privilege escalation | CWE-362 | 9.8 | Critical | 2022-11-08 |
| CVE-2022-39229 | Grafana users with email as a username can block other users from signing in | CWE-287 | 4.3 | Medium | 2022-10-13 |
| CVE-2022-39201 | Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins | CWE-200 | 6.8 | Medium | 2022-10-13 |
| CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | CWE-200 | 4.9 | Medium | 2022-10-13 |
| CVE-2022-31123 | Grafana plugin signature bypass vulnerability | CWE-347 | 6.1 | Medium | 2022-10-13 |
| CVE-2022-36062 | Grafana folders admin only permission privilege escalation | CWE-281 | 7.6 | High | 2022-09-22 |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin | CWE-290 | 6.6 | Medium | 2022-09-20 |
| CVE-2022-31107 | Grafana account takeover via OAuth vulnerability | CWE-863 | 7.1 | High | 2022-07-15 |
| CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting | CWE-79 | 7.3 | High | 2022-07-15 |
| CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects | CWE-601 | 6.6 | Medium | 2022-05-20 |
| CVE-2022-24812 | FGAC API Key privilege escalation in Grafana | CWE-269 | 8.0 | High | 2022-04-12 |
| CVE-2022-21713 | Exposure of Sensitive Information in Grafana | CWE-863 | 4.3 | Medium | 2022-02-08 |
| CVE-2022-21703 | Cross Site Request Forgery in Grafana | CWE-352 | 6.3 | Medium | 2022-02-08 |
| CVE-2022-21702 | Cross site scripting in Grafana proxy | CWE-79 | 6.5 | Medium | 2022-02-08 |
| CVE-2022-21673 | OAuth Identity Token exposure in Grafana | CWE-200 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-43815 | Grafana directory traversal for `.cvs` files | CWE-22 | 4.3 | Medium | 2021-12-10 |
| CVE-2021-43813 | Directory Traversal in Grafana | CWE-22 | 4.3 | Medium | 2021-12-10 |
| CVE-2021-43798 | Grafana path traversal | CWE-22 | 7.5 | High | 2021-12-07 |
| CVE-2021-41244 | Cross organization admin control in Grafana | CWE-610 | 9.1 | Critical | 2021-11-15 |
| CVE-2021-41174 | XSS vulnerability allowing arbitrary JavaScript execution | CWE-79 | 6.9 | Medium | 2021-11-03 |
| CVE-2021-39226 | Snapshot authentication bypass in grafana | CWE-287 | 9.8 | Critical | 2021-10-05 |

All 57 known CVE vulnerabilities affecting Grafana with full Chinese analysis, references, and POCs where available.