Affected by GO-2022-0342
and 27 other vulnerabilities
GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana
GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana
GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana
GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana
GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana
GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana
GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana
GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
GO-2024-2661: Arbitrary file read in github.com/grafana/grafana
GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana
GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana
GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana
GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana
GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
package
Version:
v2.5.0+incompatible
Opens a new window with list of versions in this module.
Published: Oct 28, 2015
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 479
Opens a new window with list of known importers.
Documentation
¶
type AddInviteForm struct {
LoginOrEmail string `json:"loginOrEmail" binding:"Required"`
Name string `json:"name"`
Role m.RoleType `json:"role" binding:"Required"`
SkipEmails bool `json:"skipEmails"`
}
type AdminCreateUserForm struct {
Email string `json:"email"`
Login string `json:"login"`
Name string `json:"name"`
Password string `json:"password" binding:"Required"`
}
type AdminUpdateUserForm struct {
Email string `json:"email"`
Login string `json:"login"`
Name string `json:"name"`
}
type AdminUpdateUserPasswordForm struct {
Password string `json:"password" binding:"Required"`
}
type AdminUpdateUserPermissionsForm struct {
IsGrafanaAdmin bool `json:"IsGrafanaAdmin"`
}
type AdminUserListItem struct {
Email string `json:"email"`
Name string `json:"name"`
Login string `json:"login"`
IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
}
type CompleteInviteForm struct {
InviteCode string `json:"inviteCode"`
Email string `json:"email" binding:"Required"`
Name string `json:"name"`
Username string `json:"username"`
Password string `json:"password"`
ConfirmPassword string `json:"confirmPassword"`
}
type CurrentUser struct {
IsSignedIn bool `json:"isSignedIn"`
Id int64 `json:"id"`
Login string `json:"login"`
Email string `json:"email"`
Name string `json:"name"`
LightTheme bool `json:"lightTheme"`
OrgId int64 `json:"orgId"`
OrgName string `json:"orgName"`
OrgRole m.RoleType `json:"orgRole"`
IsGrafanaAdmin bool `json:"isGrafanaAdmin"`
GravatarUrl string `json:"gravatarUrl"`
}
type DashboardFullWithMeta struct {
Meta DashboardMeta `json:"meta"`
Dashboard map[string]interface{} `json:"dashboard"`
}
type DashboardMeta struct {
IsStarred bool `json:"isStarred,omitempty"`
IsHome bool `json:"isHome,omitempty"`
IsSnapshot bool `json:"isSnapshot,omitempty"`
Type string `json:"type,omitempty"`
CanSave bool `json:"canSave"`
CanEdit bool `json:"canEdit"`
CanStar bool `json:"canStar"`
Slug string `json:"slug"`
Expires time.Time `json:"expires"`
Created time.Time `json:"created"`
}
type DataSource struct {
Id int64 `json:"id"`
OrgId int64 `json:"orgId"`
Name string `json:"name"`
Type string `json:"type"`
Access m.DsAccess `json:"access"`
Url string `json:"url"`
Password string `json:"password"`
User string `json:"user"`
Database string `json:"database"`
BasicAuth bool `json:"basicAuth"`
BasicAuthUser string `json:"basicAuthUser"`
BasicAuthPassword string `json:"basicAuthPassword"`
IsDefault bool `json:"isDefault"`
JsonData map[string]interface{} `json:"jsonData"`
}
type InviteInfo struct {
Email string `json:"email"`
Name string `json:"name"`
Username string `json:"username"`
InvitedBy string `json:"invitedBy"`
}
type LoginCommand struct {
User string `json:"user" binding:"Required"`
Password string `json:"password" binding:"Required"`
Remember bool `json:"remember"`
}
type MetricQueryResultDataDto struct {
Target string `json:"target"`
DataPoints [][2]float64 `json:"datapoints"`
}
type NewApiKeyResult struct {
Name string `json:"name"`
Key string `json:"key"`
}
type ResetUserPasswordForm struct {
Code string `json:"code"`
NewPassword string `json:"newPassword"`
ConfirmPassword string `json:"confirmPassword"`
}
type SendResetPasswordEmailForm struct {
UserOrEmail string `json:"userOrEmail" binding:"Required"`
}
type SignUpForm struct {
Email string `json:"email" binding:"Required"`
}
type SignUpStep2Form struct {
Email string `json:"email"`
Name string `json:"name"`
Username string `json:"username"`
Password string `json:"password"`
Code string `json:"code"`
OrgName string `json:"orgName"`
}
type UpdateOrgAddressForm struct {
Address1 string `json:"address1"`
Address2 string `json:"address2"`
City string `json:"city"`
ZipCode string `json:"zipcode"`
State string `json:"state"`
Country string `json:"country"`
}
type UpdateOrgForm struct {
Name string `json:"name" binding:"Required"`
}
type UserStars struct {
DashboardIds map[string]bool `json:"dashboardIds"`
}
Source Files
¶
Click to show internal directories.
Click to hide internal directories.