Affected by GO-2022-0342
and 25 other vulnerabilities
GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana
GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana
GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana
GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana
GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana
GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana
GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana
GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
GO-2024-2661: Arbitrary file read in github.com/grafana/grafana
GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana
GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana
GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana
GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana
GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
package
Version:
v0.0.0-kmdagger2
Opens a new window with list of versions in this module.
Published: Jun 12, 2023
License: AGPL-3.0
Opens a new window with license information.
Imports: 26
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
-
func CreateGrafDir(t *testing.T, opts ...GrafanaOpts) (string, string)
-
func CreateUser(t *testing.T, store *sqlstore.SQLStore, cmd user.CreateUserCommand) *user.User
-
func SQLiteIntegrationTest(t *testing.T)
-
func SetUpDatabase(t *testing.T, grafDir string) *sqlstore.SQLStore
-
func StartGrafana(t *testing.T, grafDir, cfgPath string) (string, *sqlstore.SQLStore)
-
func StartGrafanaEnv(t *testing.T, grafDir, cfgPath string) (string, *server.TestEnv)
-
type GrafanaOpts
CreateGrafDir creates the Grafana directory.
The log by default is muted in the regression test, to activate it, pass option EnableLog = true
func SQLiteIntegrationTest(t *testing.T)
SetUpDatabase sets up the Grafana database.
StartGrafana starts a Grafana server.
The server address is returned.
type GrafanaOpts struct {
EnableCSP bool
EnableFeatureToggles []string
NGAlertAdminConfigPollInterval time.Duration
NGAlertAlertmanagerConfigPollInterval time.Duration
AnonymousUserRole org.RoleType
EnableQuota bool
DashboardOrgQuota *int64
DisableAnonymous bool
CatalogAppEnabled bool
ViewersCanEdit bool
PluginAdminEnabled bool
PluginAdminExternalManageEnabled bool
AppModeProduction bool
DisableLegacyAlerting bool
EnableUnifiedAlerting bool
UnifiedAlertingDisabledOrgs []int64
EnableLog bool
GRPCServerAddress string
QueryRetries int64
AuthBrokerEnabled bool
}
Source Files
¶
Click to show internal directories.
Click to hide internal directories.