Affected by GO-2022-0342 and 27 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

api

package

v0.0.0-testrgm3 Latest Latest Go to latest Published: Jul 21, 2023 License: AGPL-3.0 Imports: 25 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Documentation ¶

Index ¶

type GetLDAPUserParams
type LDAPAttribute
type LDAPRoleDTO
type LDAPServerDTO
type LDAPUserDTO
type OrganizationNotFoundError
- func (e *OrganizationNotFoundError) Error() string
type Service
- func ProvideService(cfg *setting.Cfg, router routing.RouteRegister, accessControl ac.AccessControl, ...) *Service
type SyncLDAPUserParams

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type GetLDAPUserParams ¶

type GetLDAPUserParams struct {
	// in:path
	// required:true
	UserName string `json:"user_name"`
}

swagger:parameters getUserFromLDAP

type LDAPAttribute ¶

type LDAPAttribute struct {
	ConfigAttributeValue string `json:"cfgAttrValue"`
	LDAPAttributeValue   string `json:"ldapValue"`
}

LDAPAttribute is a serializer for user attributes mapped from LDAP. Is meant to display both the serialized value and the LDAP key we received it from.

type LDAPRoleDTO ¶

type LDAPRoleDTO struct {
	OrgId   int64        `json:"orgId"`
	OrgName string       `json:"orgName"`
	OrgRole org.RoleType `json:"orgRole"`
	GroupDN string       `json:"groupDN"`
}

RoleDTO is a serializer for mapped roles from LDAP

type LDAPServerDTO ¶

type LDAPServerDTO struct {
	Host      string `json:"host"`
	Port      int    `json:"port"`
	Available bool   `json:"available"`
	Error     string `json:"error"`
}

LDAPServerDTO is a serializer for LDAP server statuses

type LDAPUserDTO ¶

type LDAPUserDTO struct {
	Name           *LDAPAttribute         `json:"name"`
	Surname        *LDAPAttribute         `json:"surname"`
	Email          *LDAPAttribute         `json:"email"`
	Username       *LDAPAttribute         `json:"login"`
	IsGrafanaAdmin *bool                  `json:"isGrafanaAdmin"`
	IsDisabled     bool                   `json:"isDisabled"`
	OrgRoles       []LDAPRoleDTO          `json:"roles"`
	Teams          []ldap.TeamOrgGroupDTO `json:"teams"`
}

LDAPUserDTO is a serializer for users mapped from LDAP

type OrganizationNotFoundError ¶

type OrganizationNotFoundError struct {
	OrgID int64
}

func (*OrganizationNotFoundError) Error ¶

func (e *OrganizationNotFoundError) Error() string

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

func ProvideService ¶

func ProvideService(cfg *setting.Cfg, router routing.RouteRegister, accessControl ac.AccessControl,
	userService user.Service, authInfoService login.AuthInfoService, ldapGroupsService ldap.Groups,
	loginService login.Service, orgService org.Service, ldapService service.LDAP,
	sessionService auth.UserTokenService, bundleRegistry supportbundles.Service) *Service

func (*Service) GetLDAPStatus ¶

func (s *Service) GetLDAPStatus(c *contextmodel.ReqContext) response.Response

swagger:route GET /admin/ldap/status admin_ldap getLDAPStatus

Attempts to connect to all the configured LDAP servers and returns information on whenever they're available or not.

If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `ldap.status:read`.

Security: - basic:

Responses: 200: okResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*Service) GetUserFromLDAP ¶

func (s *Service) GetUserFromLDAP(c *contextmodel.ReqContext) response.Response

swagger:route GET /admin/ldap/{user_name} admin_ldap getUserFromLDAP

Finds an user based on a username in LDAP. This helps illustrate how would the particular user be mapped in Grafana when synced.

If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `ldap.user:read`.

Security: - basic:

Responses: 200: okResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*Service) PostSyncUserWithLDAP ¶

func (s *Service) PostSyncUserWithLDAP(c *contextmodel.ReqContext) response.Response

swagger:route POST /admin/ldap/sync/{user_id} admin_ldap postSyncUserWithLDAP

Enables a single Grafana user to be synchronized against LDAP.

If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `ldap.user:sync`.

Security: - basic:

Responses: 200: okResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

func (*Service) ReloadLDAPCfg ¶

func (s *Service) ReloadLDAPCfg(c *contextmodel.ReqContext) response.Response

swagger:route POST /admin/ldap/reload admin_ldap reloadLDAPCfg

Reloads the LDAP configuration.

If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `ldap.config:reload`.

Security: - basic:

Responses: 200: okResponse 401: unauthorisedError 403: forbiddenError 500: internalServerError

type SyncLDAPUserParams ¶

type SyncLDAPUserParams struct {
	// in:path
	// required:true
	UserID int64 `json:"user_id"`
}

swagger:parameters postSyncUserWithLDAP

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL