grafana vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Authentication Bypass	*
M Authorization Bypass Through User-Controlled Key	*
M Improper Privilege Management	*
M Cross-site Scripting (XSS)	*
M Missing Synchronization	*
M Improper Access Control	*
M Information Exposure	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	<0:5.2.4-2.el7cp
M Information Exposure	<0:5.2.4-2.el7cp
M Information Exposure	*
M Information Exposure	<0:4.3.2-4.el7cp
M Information Exposure	*
M Improper Authentication	<0:4.6.4-1.el7rhgs
M Improper Authentication	*
M Improper Authentication	*
M Improper Authentication	<0:5.2.4-1.el7cp
M Improper Authentication	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Open Redirect	*
L Open Redirect	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Resource Exhaustion	*
L Resource Exhaustion	*
H Improper Input Validation	<0:5.2.4-3.el7cp
H Directory Traversal	<0:5.2.4-6.el7rhgs
H HTTP Request Smuggling	<0:5.2.4-6.el7rhgs
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M External Control of Assumed-Immutable Web Parameter	*
M Inefficient Regular Expression Complexity	*
M Incorrect Implementation of Authentication Algorithm	*
M Information Exposure	*
M Improper Authentication	*
M CVE-2022-39201	*
M Insufficiently Protected Credentials	*
M Improper Verification of Cryptographic Signature	*
M Authentication Bypass	*
H Cross-site Scripting (XSS)	*
H Improper Authentication	*
H Resource Exhaustion	<0:5.2.4-6.el7rhgs
M Resource Exhaustion	*
L Directory Traversal	*
H Incorrect Behavior Order: Early Validation	<0:5.2.4-6.el7rhgs
H Resource Exhaustion	<0:5.2.4-6.el7rhgs
M Buffer Overflow	*
M Buffer Overflow	*
M Directory Traversal	*
M Cleartext Storage of Sensitive Information	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Incorrect Authorization	*
M Incorrect Authorization	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
M Incorrect Authorization	*
M Cross-site Scripting (XSS)	*
M Cross-site Request Forgery (CSRF)	*
M Information Exposure	*
M Information Exposure	*
M Open Redirect	*
L Directory Traversal	*
L Directory Traversal	*
L Directory Traversal	*
L Directory Traversal	*
M Information Exposure	*
M Information Exposure	*
H Resource Exhaustion	<0:5.2.4-5.el7rhgs
H Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
M Incorrect Authorization	*
M Incorrect Authorization	*
M Out-of-Bounds	*
M Out-of-Bounds	*
M Improper Input Validation	*
M Improper Input Validation	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
H Improper Authentication	*
M Improper Input Validation	*
H Insufficiently Protected Credentials	<0:5.2.4-3.el7cp
H Improper Input Validation	<0:5.2.4-3.el7cp
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	<0:5.2.4-1.el7cp
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
H Authorization Bypass Through User-Controlled Key	*
H Authorization Bypass Through User-Controlled Key	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Race Condition	*
M Race Condition	*
M Improper Input Validation	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
M Improper Input Validation	*
M Improper Input Validation	*
L Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
L Arbitrary Argument Injection	*
M Arbitrary Argument Injection	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Incorrect Permission Assignment for Critical Resource	*
M Incorrect Permission Assignment for Critical Resource	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Incorrect Permission Assignment for Critical Resource	*
L Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Server-Side Request Forgery (SSRF)	<0:5.2.4-3.el7cp
H Server-Side Request Forgery (SSRF)	*
H Server-Side Request Forgery (SSRF)	<0:5.2.4-3.el7rhgs
M Improper Access Control	*
M Improper Access Control	*
M Arbitrary Code Injection	*
M Arbitrary Code Injection	*
M Incorrect Calculation	*
M Incorrect Calculation	*
M Cross-site Scripting (XSS)	*
M Improper Input Validation	*
M Improper Input Validation	*
M Improper Certificate Validation	*
L Race Condition	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Improper Input Validation	*
M Improper Input Validation	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Missing Authorization	*
L Missing Authorization	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Arbitrary Code Injection	*

Vulnerability

Vulnerable Version

Authentication Bypass