CVE Database

2022-01-18CVE-2022-21673Forward OAuth Identity Token can allow users to access some data sources
2022-02-08CVE-2022-21703Grafana Cross Site Request Forgery
2022-02-08CVE-2022-21702Grafana proxy XSS
2022-02-08CVE-2022-21713Grafana Teams API IDOR
2022-04-12CVE-2022-24812Grafana Enterprise fine-grained access control API Key privilege escalation
2022-05-19CVE-2022-29170Grafana Enterprise datasource network restrictions bypass via HTTP redirects
2022-07-14CVE-2022-31107Grafana account takeover via OAuth vulnerability
2022-07-14CVE-2022-31097Stored XSS in Unified Alerting
2022-08-30CVE-2022-31176Grafana Image Renderer leaking files
2022-09-20CVE-2022-35957Escalation from admin to server admin when auth proxy is used
2022-09-20CVE-2022-36062Grafana folders admin only permission privilege escalation
2022-10-12CVE-2022-39201Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
2022-10-12CVE-2022-31130Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
2022-10-12CVE-2022-31123Plugin signature bypass
2022-10-12CVE-2022-39229Using email as a username can block other users from signing in
2022-11-08CVE-2022-39306Email addresses and usernames can not be trusted
2022-11-08CVE-2022-39328Race condition allowing privilege escalation
2022-11-08CVE-2022-39307User enumeration via forget password
2023-01-26CVE-2022-39324Spoofing originalUrl of snapshots
2023-01-26CVE-2022-23552Stored XSS in ResourcePicker component
2023-02-01CVE-2022-23498Use of Cache Containing Sensitive Information
2023-02-28CVE-2023-0594Stored XSS in TraceView Panel
2023-02-28CVE-2023-22462Text panel plugin XSS
2023-02-28CVE-2023-0507XSS In Geomap Via Attribution
2023-03-22CVE-2023-1410Stored XSS in Graphite FunctionDescription tooltip
2023-04-26CVE-2023-1387JWT URL-login flow leaks token to data sources through request parameter in proxy requests