Product: Grafana (Grafana)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 71
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-28 | CVE-2019-19499 | Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | Grafana | 6.5 | | |
| 2019-09-23 | CVE-2019-15635 | An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. | Grafana | 4.9 | | |
| 2020-06-02 | CVE-2018-18623 | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | Grafana | 6.1 | | |
| 2020-04-24 | CVE-2020-12245 | Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | Grafana | N/A | | |
| 2020-06-02 | CVE-2018-18625 | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | Grafana | N/A | | |
| 2020-06-02 | CVE-2018-18624 | Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | Grafana | N/A | | |
| 2020-04-27 | CVE-2020-12052 | Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | Grafana | N/A | | |
| 2018-12-13 | CVE-2018-19039 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge, Ceph_storage, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | | |
| 2018-06-11 | CVE-2018-12099 | Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | Grafana, Active_iq_performance_analytics_services, Storagegrid_webscale_nas_bridge | 6.1 | | |