GCVE - cpe:2.3:a:grafana:grafana:5.0.0:beta3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:grafana:grafana:5.0.0:beta3:*:*:*:*:*:*

part: a version: 5.0.0 update: beta3

Vendor	Grafana (`7564912d-bb81-50cf-9eb9-f573ac2fa519`)
Product	Grafana (`6e4f3e11-70ef-54b3-88d6-f64136c9d5f2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/grafana/grafana`	purl2cpe	2026-06-01 10:14:45.594886
`pkg:github/grafana/grafana`	purl2cpe	2026-06-01 10:14:45.594888
`pkg:rpm/fedora/grafana`	purl2cpe	2026-06-01 10:14:45.594889
`pkg:rpm/opensuse/grafana`	purl2cpe	2026-06-01 10:14:45.594890

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-39201`	vulnerable	2026-06-03 14:47:51.233060	Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins MEDIUM (6.8) Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds. Published: 2022-10-13T00:00:00.000Z Updated: 2025-04-23T16:50:44.284Z Open on db.gcve.eu Reference links https://github.com/grafana/grafana/releases/tag/v9.1.8 https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr https://github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57 https://github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-21713`	vulnerable	2026-06-03 14:46:13.402287	Exposure of Sensitive Information in Grafana MEDIUM (4.3) Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. Published: 2022-02-08T20:50:17.000Z Updated: 2025-04-23T19:06:38.430Z Open on db.gcve.eu Reference links https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ https://github.com/grafana/grafana/pull/45083 https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv https://security.netapp.com/advisory/ntap-20220303-0005/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.