📦 Grafana
by Grafana
🔍 What is Grafana?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision users with numeric external IDs, potentially overriding internal user IDs. This could lead to imperso...
This vulnerability allows attackers to bypass authentication and take over Grafana accounts when Azure AD OAuth is configured with multi-tenant applications. Attackers can modify email claims in Azure...
This vulnerability allows unauthenticated access to Grafana Enterprise Logs querier component when X-Scope-OrgID header is used, bypassing authentication requirements. It affects Grafana Enterprise Lo...
This vulnerability exposes Zabbix account passwords in Grafana's HTML source code when integrated with Zabbix. Attackers can discover credentials by viewing page source, potentially compromising the Z...
This vulnerability in Grafana allows organization administrators to access and modify users in other organizations when fine-grained access control is enabled. It affects Grafana instances with multip...
This vulnerability in Grafana allows unauthenticated or authenticated users to view and delete the snapshot with the lowest database key via specific API endpoints. When public_mode is enabled, unauth...
CVE-2020-27846 is a signature verification vulnerability in the crewjam/saml library that allows attackers to bypass SAML authentication. This affects any application using vulnerable versions of this...
This vulnerability in Grafana allows attackers to cause denial of service by exhausting system memory through uncontrolled goroutine creation. Attackers can send sustained requests with random avatar ...
This CVE describes a cross-site scripting (XSS) vulnerability in Grafana that combines client path traversal with open redirect. Attackers can redirect users to malicious websites hosting frontend plu...
This vulnerability in Grafana allows attackers to crash instances by exploiting mixed queries in public dashboards or directly through the query API. It affects Grafana instances with public dashboard...
Grafana has a stored cross-site scripting (XSS) vulnerability in the trace view visualization that allows attackers with Editor role to inject malicious JavaScript. When an Admin user views a dashboar...
Grafana's datasource query caching feature inadvertently caches session headers, allowing authenticated users to potentially acquire other users' sessions when querying cached datasources. This affect...
This vulnerability allows an authenticated malicious user to take over another user's Grafana account via OAuth login manipulation. It affects Grafana instances with OAuth authentication enabled where...
Grafana versions 8.x and 9.x before specific patched releases are vulnerable to stored cross-site scripting (XSS) in the Unified Alerting feature. An attacker can exploit this to escalate privileges f...
CVE-2022-32276 allows unauthenticated access to Grafana dashboard snapshots via specific URLs, bypassing authentication requirements. This affects Grafana instances with snapshot sharing enabled. The ...
This vulnerability in Grafana Enterprise allows privilege escalation when fine-grained access control is enabled. An attacker can use a lower-privilege API key to inherit cached permissions from a pre...
CVE-2021-43798 is a directory traversal vulnerability in Grafana that allows attackers to read arbitrary files on the server by exploiting a flaw in the plugin URL handling. This affects self-hosted G...
This vulnerability allows unauthenticated attackers to send unlimited requests to a specific Grafana Enterprise API endpoint, causing denial of service (DoS) by overwhelming the server. It affects Gra...
This vulnerability in Grafana's snapshot feature allows unauthenticated remote attackers to trigger a Denial of Service via API calls when a commonly used configuration is enabled. It affects Grafana ...
This vulnerability in Grafana allows attackers to view annotation data outside the locked timerange on public dashboards with annotations enabled. Organizations using Grafana with public dashboards an...