This repository has been archived by the owner on Dec 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
Security: grafana/bugbounty
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Users outside an organization can delete a snapshot with its keyGHSA-67rv-qpw2-6qrr published
Apr 5, 2024 by KristianGrafanaModerate -
Email Validation Bypass And Preventing Sign Up From Email's OwnerGHSA-3hv4-r2fm-h27f published
Feb 13, 2024 by dannyc-grafanaModerate -
Authentication bypass / account takeover due to bad implementation of Azure AD OAuthGHSA-gxh2-6vvc-rrgp published
Jul 6, 2023 by chagrafanaCritical -
Broken Access Control in Alert manager: Viewer can send test alertsGHSA-cvm3-pp2j-chr3 published
Jun 8, 2023 by KristianGrafanaModerate -
CSRF on dangerous "Trigger ingester shutdown" action in MimirGHSA-2wxq-mcch-gvxv published
May 26, 2023 by KristianGrafanaModerate -
Stored XSS in Graphite FunctionDescription tooltipGHSA-qrrg-gw7w-vp76 published
Mar 23, 2023 by KristianGrafanaModerate -
JWT URL-login flow leaks token to data sources through request parameter in proxy requestsGHSA-5585-m9r5-p86j published
Apr 27, 2023 by KristianGrafanaModerate