grafana vulnerabilities

Known vulnerabilities in the grafana package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Resource Exhaustion	<9.5.5-150200.3.47.1
C Authentication Bypass	<9.5.5-150200.3.44.1
M Missing Authorization	<9.5.5-150200.3.44.1
H Improper Synchronization	<9.5.5-150200.3.44.1
M Cross-site Scripting (XSS)	<9.5.1-150200.3.41.3
M CVE-2023-1387	<9.5.1-150200.3.41.3
M Improper Preservation of Permissions	<9.5.1-150200.3.41.3
H Incorrect Authorization	<9.5.1-150200.3.41.3
M Authentication Bypass	<9.5.1-150200.3.41.3
H Missing Release of Resource after Effective Lifetime	<9.5.1-150200.3.41.3
H CVE-2022-27664	<9.5.1-150200.3.41.3
H Cross-site Scripting (XSS)	<9.5.1-150200.3.41.3
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<9.5.1-150200.3.41.3
M Exposure of Private Information ('Privacy Violation')	<9.5.1-150200.3.41.3
H Inefficient Regular Expression Complexity	<9.5.1-150200.3.41.3
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<9.5.1-150200.3.41.3
H Resource Exhaustion	<9.5.1-150200.3.41.3
H Cross-site Scripting (XSS)	<8.5.22-150200.3.38.1
H Cross-site Scripting (XSS)	<8.5.22-150200.3.38.1
M Cross-site Scripting (XSS)	<8.5.22-150200.3.38.1
H Improper Authentication	<8.5.20-150200.3.35.1
M Cross-site Scripting (XSS)	<8.5.20-150200.3.35.1
H Cross-site Scripting (XSS)	<8.5.20-150200.3.35.1
H CVE-2022-41723	<8.5.20-150200.3.35.1
L Improper Authentication	<8.5.15-150200.3.32.1
M CVE-2022-39201	<8.5.15-150200.3.32.1
M Information Exposure	<8.5.15-150200.3.32.1
M Improper Input Validation	<8.5.15-150200.3.32.1
M Insufficiently Protected Credentials	<8.5.15-150200.3.32.1
L Improper Verification of Cryptographic Signature	<8.5.15-150200.3.32.1
M Improper Preservation of Permissions	<8.5.13-150200.3.29.5
M Directory Traversal	<8.5.13-150200.3.29.5
H Cross-site Scripting (XSS)	<8.5.13-150200.3.29.5
M Open Redirect	<8.5.13-150200.3.29.5
H Directory Traversal	<8.5.13-150200.3.29.5
M Authentication Bypass	<8.5.13-150200.3.29.5
C Incorrect Authorization	<8.5.13-150200.3.29.5
H Incorrect Authorization	<8.5.13-150200.3.29.5
H NULL Pointer Dereference	<8.5.13-150200.3.29.5
M Cross-site Scripting (XSS)	<8.5.13-150200.3.29.5
C Buffer Overflow	<8.5.13-150200.3.29.5
M Directory Traversal	<8.5.13-150200.3.29.5
M Authorization Bypass Through User-Controlled Key	<8.3.10-150200.3.26.1
H Cross-site Scripting (XSS)	<8.3.10-150200.3.26.1
H Incorrect Authorization	<8.3.10-150200.3.26.1
M Cross-site Scripting (XSS)	<8.3.10-150200.3.26.1
M Cross-site Request Forgery (CSRF)	<8.3.10-150200.3.26.1

Vulnerability

Vulnerable Version

Resource Exhaustion

<9.5.5-150200.3.47.1

Authentication Bypass

<9.5.5-150200.3.44.1

Missing Authorization

<9.5.5-150200.3.44.1

Improper Synchronization

<9.5.5-150200.3.44.1

Cross-site Scripting (XSS)

<9.5.1-150200.3.41.3