cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9264,https://securityvulnerability.io/vulnerability/CVE-2024-9264,Grafana SQL Expressions Vulnerability: Command Injection and Local File Inclusion Risks,"The experimental SQL Expressions feature in Grafana enables users to evaluate `duckdb` queries which can contain user input. However, the queries are inadequately sanitized prior to being processed by `duckdb`, creating a vulnerability that could lead to command injection and local file inclusion. Users with VIEWER or higher permissions are capable of executing this type of attack. Additionally, the successful execution of this attack requires the `duckdb` binary to be present in Grafana's execution $PATH, which is not installed by default in Grafana distributions. This vulnerability emphasizes the need for robust input validation in applications that allow user-derived queries.",Grafana,Grafana,8.8,HIGH,0.18512000143527985,false,,true,false,true,2024-10-17T01:00:00.000Z,true,true,true,2024-10-23T08:52:02.695Z,2024-10-18T03:20:52.489Z,9915
CVE-2024-8996,https://securityvulnerability.io/vulnerability/CVE-2024-8996,Privilege Escalation Vulnerability in Grafana Agent Flow Mode for Windows,"A vulnerability exists in Grafana Agent (Flow mode) on Windows due to an unquoted search path or element. This flaw allows local users to escalate their privileges to that of the SYSTEM user, potentially granting them unauthorized access and control over critical system functions. The affected versions include Grafana Agent prior to 0.43.2, emphasizing the importance of updating to mitigate the risks associated with this security issue.",Grafana,Agent Flow,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-09-25T17:15:00.000Z,0
CVE-2024-8975,https://securityvulnerability.io/vulnerability/CVE-2024-8975,Privilege Escalation Vulnerability in Grafana Alloy,"An unquoted search path vulnerability present in Grafana Alloy on Windows systems can enable a local user to escalate their privileges to that of the SYSTEM account. This issue affects Alloy versions prior to 1.3.3 and those from 1.4.0-rc.0 to 1.4.0-rc.1, exposing these versions to potential exploitation when proper path handling is not observed.",Grafana,Alloy,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-09-25T17:15:00.000Z,0
CVE-2024-5526,https://securityvulnerability.io/vulnerability/CVE-2024-5526,Server Side Request Forgery in Grafana OnCall by Grafana Labs,"Grafana OnCall, an on-call management tool designed to enhance workflows for engineers, is affected by a Server Side Request Forgery (SSRF) vulnerability in its webhook functionality. This vulnerability exists in versions prior to 1.5.2, allowing unauthorized access to internal resources through crafted requests. The issue has been addressed with a fix provided in version 1.5.2, emphasizing the importance of updating to maintain security.",Grafana,Oncall,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-05T12:15:00.000Z,0
CVE-2023-5123,https://securityvulnerability.io/vulnerability/CVE-2023-5123,Grafana JSON datasource plugin vulnerability,"The JSON datasource plugin maintained by Grafana Labs allows administrators to retrieve and process JSON data from remote endpoints. However, a vulnerability exists due to insufficient sanitization of the path parameter supplied in dashboards. This flaw enables attackers to include path traversal characters, allowing requests to arbitrary subpaths on the configured endpoint. In scenarios where the datasource is set to point back to the Grafana instance, the situation escalates, potentially allowing for unauthorized access to sensitive administrative API endpoints. This vulnerability underscores the importance of robust input validation and the need for security measures in dashboard configurations.",Grafana,Grafana-json-datasource,8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-14T15:06:11.126Z,0
CVE-2023-4399,https://securityvulnerability.io/vulnerability/CVE-2023-4399,Request Filtering Bypass in Grafana Enterprise by Grafana Labs,"Grafana Enterprise, a popular open-source monitoring and observability platform, contains a vulnerability in its Request security feature. This feature is designed to prevent access to specific hosts by utilizing a deny list approach configured by administrators. However, an exploit has been identified that allows an attacker to bypass these restrictions through the use of punycode encoding in the request address. By manipulating this encoding, unauthorized requests may be sent to hosts that were intended to be restricted, potentially leading to unauthorized data access and other security risks.",Grafana,Grafana Enterprise,7.2,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-17T08:15:00.000Z,0
CVE-2023-4822,https://securityvulnerability.io/vulnerability/CVE-2023-4822,Privilege Escalation in Grafana by Organization Admins,"A significant vulnerability in Grafana allows Organization Admins to manipulate user permissions across all organizations they are part of. This flaw enables an admin to elevate their own privileges and modify permissions of other users, effectively granting unauthorized control. While the vulnerability does not allow access to organizations outside the user's membership, it poses a serious risk within the existing organizational structure by allowing potential misuse of admin capabilities.",Grafana,Grafana Enterprise,7.2,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-16T09:15:00.000Z,0
CVE-2023-3128,https://securityvulnerability.io/vulnerability/CVE-2023-3128,Account Takeover Vulnerability in Grafana for Azure AD Accounts,"Grafana’s integration with Azure Active Directory (AD) has a vulnerability that stems from the email field in Azure AD not being unique and potentially modifiable. This flaw can lead to account takeover and authentication bypass for users who have implemented Azure AD OAuth in a multi-tenant application setup. Attackers could exploit this weakness, gaining unauthorized access to user accounts and sensitive data. It is crucial to update to the latest Grafana version to mitigate these risks.",Grafana,"Grafana,Grafana Enterprise",9.8,CRITICAL,0.0025400000158697367,false,,false,false,false,,,false,false,,2023-06-22T21:15:00.000Z,0
CVE-2023-1387,https://securityvulnerability.io/vulnerability/CVE-2023-1387,Authentication Bypass in Grafana Monitoring Platform,"Grafana, an open-source monitoring and observability platform, introduced a new functionality that allows searching for a JWT in the 'auth_token' URL query parameter. This feature, when enabled via the 'url_login' configuration option (which is disabled by default), can inadvertently expose JWT tokens to data sources. If an attacker gains access to the data source, they may capture the leaked token and utilize it for authentication purposes in Grafana, potentially compromising the integrity of the system. It is critical for users to assess their configurations and ensure that unnecessary options are not enabled.",Grafana,"Grafana,Grafana Enterprise",7.5,HIGH,0.0014600000577047467,false,,false,false,false,,,false,false,,2023-04-26T14:15:00.000Z,0
CVE-2023-0594,https://securityvulnerability.io/vulnerability/CVE-2023-0594,Stored XSS Vulnerability in Grafana Monitoring Platform,"Grafana, an open-source platform for monitoring and observability, has a vulnerability that allows attackers with Editor privileges to inject malicious JavaScript into trace view visualizations. Due to improper sanitization of span attributes, this XSS vulnerability enables an attacker to execute harmful scripts within the context of another user's session, potentially allowing vertical privilege escalation. Affected users are advised to upgrade to the fixed versions of Grafana to secure their installations.",Grafana,"Grafana,Grafana Enterprise",7.3,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-03-01T16:15:00.000Z,0
CVE-2022-23498,https://securityvulnerability.io/vulnerability/CVE-2022-23498,When query caching is enabled in Grafana users can query another user's session,"Grafana, an open-source platform widely used for monitoring and observability, has a reported vulnerability related to its datasource query caching feature. When enabled, this caching inadvertently stores all request headers, including sensitive session identifiers such as `grafana_session`. This flaw allows malicious users who query a cached datasource to potentially hijack another user's session, compromising account integrity and privacy. To mitigate this issue, users are advised to disable datasource query caching. The vulnerability has been addressed in Grafana versions 9.2.10 and 9.3.4.",Grafana,Grafana,7.1,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2023-02-03T21:34:58.677Z,0
CVE-2022-23552,https://securityvulnerability.io/vulnerability/CVE-2022-23552,Grafana stored XSS in FileUploader component,"A stored XSS vulnerability exists in Grafana's GeoMap plugin, allowing attackers with the Editor role to upload SVG files that aren't properly sanitized. This flaw can enable the execution of arbitrary JavaScript in the context of the authorized user. Attackers could exploit this to escalate privileges vertically, potentially compromising Admin credentials if exploited during a dashboard session. Users are advised to upgrade to versions 8.5.16, 9.2.10, or 9.3.4 to mitigate this risk.",Grafana,Grafana,7.3,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2023-01-27T22:59:16.675Z,0
CVE-2022-39328,https://securityvulnerability.io/vulnerability/CVE-2022-39328,Grafana vulnerable to race condition allowing privilege escalation,Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middleware logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patched in 9.2.4. There are no known workarounds.,Grafana,Grafana,9.8,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-36062,https://securityvulnerability.io/vulnerability/CVE-2022-36062,Grafana folders admin only permission privilege escalation,"Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which translate legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin; as a result, RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.",Grafana,Grafana,7.6,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-09-22T00:00:00.000Z,0
CVE-2022-31176,https://securityvulnerability.io/vulnerability/CVE-2022-31176,Grafana Image Renderer leaking files,Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if the user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).,Grafana,Grafana-image-renderer,8.3,HIGH,0.002580000087618828,false,,false,false,false,,,false,false,,2022-09-02T00:00:00.000Z,0
CVE-2022-31107,https://securityvulnerability.io/vulnerability/CVE-2022-31107,Grafana account takeover via OAuth vulnerability,"Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.",Grafana,Grafana,7.1,HIGH,0.0033400000538676977,false,,false,false,false,,,false,false,,2022-07-15T12:30:14.000Z,0
CVE-2022-31097,https://securityvulnerability.io/vulnerability/CVE-2022-31097,Stored XSS in Grafana's Unified Alerting,"Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.",Grafana,Grafana,7.3,HIGH,0.005880000069737434,false,,false,false,false,,,false,false,,2022-07-15T12:10:10.000Z,0
CVE-2022-32276,https://securityvulnerability.io/vulnerability/CVE-2022-32276,Unauthenticated Access in Grafana by Grafana Labs,"Grafana versions prior to 8.4.3 exhibit a vulnerability that allows unauthenticated users to access sensitive information through specific URIs such as /dashboard/snapshot/*?orgId=0. This issue is classified as a UI bug by the vendor, which may pose risks if exploited by malicious actors aiming to gain unauthorized insights into Dashboard snapshots.",Grafana,Grafana,7.5,HIGH,0.0034600000362843275,false,,false,false,false,,,false,false,,2022-06-17T11:38:27.000Z,0
CVE-2022-32275,https://securityvulnerability.io/vulnerability/CVE-2022-32275,File Reading Vulnerability in Grafana by Grafana Labs,"Grafana 8.4.3 exhibits a file reading vulnerability that could be exploited via URI manipulation. An attacker could attempt to access sensitive files such as /etc/passwd through crafted dashboard snapshot requests. Although the vendor asserts that these actions result in benign error messages rather than actual file disclosures, the potential misuse of such a vector warrants attention to secure configurations and best practices.",Grafana,Grafana,7.5,HIGH,0.0036100000143051147,false,,false,false,false,,,false,false,,2022-06-06T18:29:07.000Z,0
CVE-2022-28660,https://securityvulnerability.io/vulnerability/CVE-2022-28660,Authentication Bypass in Grafana Enterprise Logs by Grafana Labs,"The querier component in Grafana Enterprise Logs versions 1.1.x through 1.3.x, prior to version 1.4.0, presents a vulnerability where it does not enforce authentication when the X-Scope-OrgID header is utilized. This oversight allows unauthorized access to logs, potentially exposing sensitive data. Users of affected versions are urged to update to 1.4.0 or later to mitigate this risk effectively.",Grafana,Grafana,9.8,CRITICAL,0.0023499999660998583,false,,false,false,false,,,false,false,,2022-05-20T14:32:17.000Z,0
CVE-2022-24812,https://securityvulnerability.io/vulnerability/CVE-2022-24812,FGAC API Key privilege escalation in Grafana,"Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses a Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the subsequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges: when, for example, a first request is made with Admin permissions and a second request with a different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability only impacts Grafana Enterprise when the fine-grained access control beta feature is enabled and there is more than one API Key in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disabling fine-grained access control will mitigate the vulnerability.",Grafana,Grafana,8,HIGH,0.002050000010058284,false,,false,false,false,,,false,false,,2022-04-12T17:00:19.000Z,0
CVE-2022-26148,https://securityvulnerability.io/vulnerability/CVE-2022-26148,Data Exposure Vulnerability in Grafana with Zabbix Integration,"A vulnerability in Grafana, when integrated with Zabbix, allows sensitive information to be exposed. The Zabbix password can be found embedded in the source code of api_jsonrpc.php. This can occur when a user logs in and enables user registration. By right-clicking to view the page source, malicious actors may search for the password, leading to unauthorized access to the Zabbix account and its associated URL. This highlights the importance of secure coding practices to prevent leaking sensitive data.",Grafana,Grafana,9.8,CRITICAL,0.4104200005531311,false,,false,false,false,,,false,false,,2022-03-21T19:51:27.000Z,0
CVE-2021-43798,https://securityvulnerability.io/vulnerability/CVE-2021-43798,Grafana path traversal,"Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",Grafana,Grafana,7.5,HIGH,0.9744499921798706,false,,false,false,true,2024-08-04T23:30:02.000Z,true,false,false,,2021-12-07T18:25:10.000Z,0
CVE-2021-41244,https://securityvulnerability.io/vulnerability/CVE-2021-41244,Cross organization admin control in Grafana,"Grafana is an open-source platform for monitoring and observability. In affected versions, when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have the organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.",Grafana,Grafana,9.1,CRITICAL,0.0015200000489130616,false,,false,false,false,,,false,false,,2021-11-15T20:05:11.000Z,0
CVE-2021-39226,https://securityvulnerability.io/vulnerability/CVE-2021-39226,Snapshot authentication bypass in grafana,"Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot ""public_mode"" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot ""public_mode"" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",Grafana,Grafana,7.3,HIGH,0.9650800228118896,true,2022-08-25T00:00:00.000Z,false,false,true,2022-08-25T00:00:00.000Z,,false,false,,2021-10-05T17:30:11.000Z,0