grafana

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB
Version 8.3.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2559 8.2.3-1 8.2.4-1 Medium Fixed
AVG-2517 8.2.2-1 8.2.3-1 Medium Fixed
AVG-2445 8.1.5-1 8.1.6-1 Critical Fixed
AVG-1034 6.3.3-1 6.3.4-1 Medium Fixed
AVG-811 5.3.2-1 5.3.4-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-41244 AVG-2559 Medium Yes Access restriction bypass
A security issue has been found in Grafana 8.0 before version 8.2.4. When the fine-grained access control beta feature is enabled and there is more than one...
CVE-2021-41174 AVG-2517 Medium Yes Cross-site scripting
A security issue has been found in Grafana before version 8.2.3. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page,...
CVE-2021-39226 AVG-2445 Critical Yes Authentication bypass
A security issue has been found in Grafana before version 8.1.6. Unauthenticated and authenticated users are able to view the snapshot with the lowest...
CVE-2019-15043 AVG-1034 Medium Yes Denial of service
This vulnerability allows any unauthenticated user/client to access the Grafana snapshot HTTP API and create a denial of service attack by posting large...
CVE-2018-19039 AVG-811 High Yes Arbitrary filesystem access
Al security issue has been found in grafana before 5.3.3, that could allow any users with Editor or Admin permissions in Grafana to read any file that the...

Advisories

Date Advisory Group Severity Type
18 Nov 2021 ASA-202111-6 AVG-2559 Medium access restriction bypass
05 Nov 2021 ASA-202111-5 AVG-2517 Medium cross-site scripting
30 Aug 2019 ASA-201908-21 AVG-1034 Medium denial of service
15 Nov 2018 ASA-201811-15 AVG-811 High arbitrary filesystem access