grafana

Organization admins can delete pending invites created in an organization they are not part of.

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficie…

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to…

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issu…

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Al…

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is grante…

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces th…

It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE …

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user ac…

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that a…