Grafana: >> Grafana >> 5.4.4_priate Security Vulnerabilities
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-05-24
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CVSS Score
5.5
EPSS Score
0.001
Published
2020-04-29
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
CVSS Score
6.1
EPSS Score
0.011
Published
2020-04-27
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
CVSS Score
6.1
EPSS Score
0.024
Published
2020-04-24
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVSS Score
7.5
EPSS Score
0.908
Published
2019-09-03
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
CVSS Score
5.4
EPSS Score
0.082
Published
2019-06-30
Page 3