Grafana Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by grafana

JSON RSS CSV 🔔 Create Alert Trigger

18 October 2024

Grafana SQL Expressions Vulnerability: Command Injection and Local File Inclusion Risks
CVE-2024-9264
GrafanaGrafana🥇📈👾🟡EPSS 92%📰9.4CRITICAL

25 September 2024

Privilege Escalation Vulnerability in Grafana Alloy
CVE-2024-8975
GrafanaAlloy7.8HIGH
Privilege Escalation Vulnerability in Grafana Agent Flow Mode for Windows
CVE-2024-8996
GrafanaAgent Flow7.8HIGH

5 June 2024

Server Side Request Forgery in Grafana OnCall by Grafana Labs
CVE-2024-5526
GrafanaOncall9.1CRITICAL

7 March 2024

Granting Unrestricted Access to Data Sources Through UID
CVE-2024-1442
GrafanaGrafana8.8HIGH

14 February 2024

Grafana JSON datasource plugin vulnerability
CVE-2023-5123
GrafanaGrafana-json-datasource8HIGH

17 October 2023

Request Filtering Bypass in Grafana Enterprise by Grafana Labs
CVE-2023-4399
GrafanaGrafana Enterprise7.2HIGH

16 October 2023

Privilege Escalation in Grafana by Organization Admins
CVE-2023-4822
GrafanaGrafana Enterprise7.2HIGH

22 June 2023

Account Takeover Vulnerability in Grafana for Azure AD Accounts
CVE-2023-3128
GrafanaGrafana9.8CRITICAL

26 April 2023

Authentication Bypass in Grafana Monitoring Platform
CVE-2023-1387
GrafanaGrafana7.5HIGH

1 March 2023

3 February 2023

When query caching is enabled in Grafana users can query another users session
CVE-2022-23498
GrafanaGrafana7.1HIGH

27 January 2023

Grafana stored XSS in FileUploader component
CVE-2022-23552
GrafanaGrafana7.3HIGH

20 December 2022

Access policy with access to all tenants and using label selectors has more access
CVE-2022-44643
GrafanaEnterprise Metrics👾8.8HIGH

30 November 2022

Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
CVE-2022-46156
GrafanaSynthetic-monitoring-a...7.2HIGH

8 November 2022

Grafana vulnerable to race condition allowing privilege escalation
CVE-2022-39328
GrafanaGrafana9.8CRITICAL

22 September 2022

Grafana folders admin only permission privilege escalation
CVE-2022-36062
GrafanaGrafana7.6HIGH

2 September 2022

Grafana Image Renderer leaking files
CVE-2022-31176
GrafanaGrafana-image-renderer8.3HIGH

15 July 2022

17 June 2022

Unauthenticated Access in Grafana by Grafana Labs
CVE-2022-32276
GrafanaGrafanaEPSS 11%7.5HIGH

6 June 2022

File Reading Vulnerability in Grafana by Grafana Labs
CVE-2022-32275
GrafanaGrafanaEPSS 60%7.5HIGH

20 May 2022

Authentication Bypass in Grafana Enterprise Logs by Grafana Labs
CVE-2022-28660
GrafanaGrafana9.8CRITICAL

12 April 2022

FGAC API Key privilege escalation in Grafana
CVE-2022-24812
GrafanaGrafana8HIGH