| CVE-2021-43815 |
AVG-2609 |
Medium |
Yes |
Directory traversal |
A security issue has been found in Grafana 8 before version 8.3.2 through which authenticated users could read out arbitrary .csv files through directory... |
| CVE-2021-43813 |
AVG-2609 |
Medium |
Yes |
Directory traversal |
A security issue has been found in Grafana before version 8.3.2 through which authenticated users could read out fully lowercase or fully uppercase .md... |
| CVE-2021-43798 |
AVG-2609 |
High |
Yes |
Directory traversal |
Grafana 8 before version 8.3.1 is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is... |
| CVE-2021-41244 |
AVG-2559 |
Medium |
Yes |
Access restriction bypass |
A security issue has been found in Grafana 8.0 before version 8.2.4. When the fine-grained access control beta feature is enabled and there is more than one... |
| CVE-2021-41174 |
AVG-2517 |
Medium |
Yes |
Cross-site scripting |
A security issue has been found in Grafana before version 8.2.3. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page,... |
| CVE-2021-39226 |
AVG-2445 |
Critical |
Yes |
Authentication bypass |
A security issue has been found in Grafana before version 8.1.6. Unauthenticated and authenticated users are able to view the snapshot with the lowest... |
| CVE-2019-15043 |
AVG-1034 |
Medium |
Yes |
Denial of service |
This vulnerability allows any unauthenticated user/client to access the Grafana snapshot HTTP API and create a denial of service attack by posting large... |
| CVE-2018-19039 |
AVG-811 |
High |
Yes |
Arbitrary filesystem access |
Al security issue has been found in grafana before 5.3.3, that could allow any users with Editor or Admin permissions in Grafana to read any file that the... |