grafana vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Use of Uninitialized Variable	<0:9.2.10-20.el8_10
H Cross-site Scripting (XSS)	<0:9.2.10-20.el8_10
M CVE-2024-24791	<0:9.2.10-18.el8_10
M CVE-2024-24790	<0:9.2.10-17.el8_10
M CVE-2024-24789	<0:9.2.10-17.el8_10
M CVE-2024-24788	<0:9.2.10-17.el8_10
H CVE-2024-1313	<0:9.2.10-16.el8_10
H Memory Leak	<0:9.2.10-8.el8_9.alma.1
M Authentication Bypass	<0:9.2.10-7.el8_9.alma.1
M CVE-2023-44487	<0:7.5.15-5.el8_8.alma.1
M Allocation of Resources Without Limits or Throttling	<0:7.5.15-5.el8_8.alma.1
M Authorization Bypass Through User-Controlled Key	<0:7.5.15-3.el8
M Cross-site Request Forgery (CSRF)	<0:7.5.15-3.el8
M Cross-site Scripting (XSS)	<0:7.5.15-3.el8
M CVE-2022-21673	<0:7.5.15-3.el8
M Cross-site Scripting (XSS)	<0:7.5.15-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Incorrect Permission Assignment for Critical Resource	<0:6.7.4-3.el8
M Incorrect Permission Assignment for Critical Resource	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
M SQL Injection	<0:6.7.4-3.el8
M Cross-site Scripting (XSS)	<0:6.7.4-3.el8
H Incorrect Authorization	<0:7.5.11-3.el8_6
M Improper Certificate Validation	<0:7.5.9-4.el8
M Incorrect Calculation	<0:7.5.9-4.el8
M CVE-2021-27358	<0:7.5.9-4.el8
M Missing Authorization	<0:7.5.9-4.el8
M Arbitrary Code Injection	<0:7.5.9-4.el8
H Resource Exhaustion	<0:7.5.9-5.el8_5
L Directory Traversal	<0:7.5.11-2.el8
M Improper Authentication	<0:7.5.15-4.el8
M CVE-2022-27664	<0:7.5.15-4.el8
M CVE-2022-32148	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M Uncontrolled Recursion	<0:7.5.15-3.el8
M HTTP Request Smuggling	<0:7.5.15-3.el8
M CVE-2022-41715	<0:7.5.15-4.el8
M HTTP Request Smuggling	<0:7.5.15-4.el8
M Allocation of Resources Without Limits or Throttling	<0:7.5.15-3.el8

Vulnerability

Vulnerable Version

Use of Uninitialized Variable

<0:9.2.10-20.el8_10

Cross-site Scripting (XSS)

<0:9.2.10-20.el8_10

CVE-2024-24791

<0:9.2.10-18.el8_10

CVE-2024-24790

<0:9.2.10-17.el8_10

CVE-2024-24789

<0:9.2.10-17.el8_10