Grafana: >> Grafana >> 3.0.4 Security Vulnerabilities
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVSS Score
7.5
EPSS Score
0.902
Published
2019-09-03
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
CVSS Score
5.4
EPSS Score
0.066
Published
2019-06-30
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-12-13
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVSS Score
9.8
EPSS Score
0.728
Published
2018-08-29
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-11
Page 3