Affected by GO-2022-0342
and 27 other vulnerabilities
GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana
GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana
GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana
GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana
GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana
GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana
GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
GO-2024-2661: Arbitrary file read in github.com/grafana/grafana
GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana
GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana
GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana
GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana
GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
GO-2024-2858: Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana
GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
type Config struct {
// The url to push data to. Required. URL string// The prefix for the pushed Graphite metrics. Defaults to empty string. Prefix string// The interval to use for pushing data to Graphite. Defaults to 15 seconds. Interval time.Duration// The timeout for pushing metrics to Graphite. Defaults to 15 seconds. Timeout time.Duration// The Gatherer to use for metrics. Defaults to prometheus.DefaultGatherer. Gatherer prometheus.Gatherer// The logger that messages are written to. Defaults to no logging. Logger Logger// ErrorHandling defines how errors are handled. Note that errors are// logged regardless of the configured ErrorHandling provided Logger// is not nil.
ErrorHandling HandlerErrorHandling// Graphite does not support ever increasing counter the same way// prometheus does. Rollups and ingestion might cannot handle ever// increasing counters. This option allows enabled the caller to// calculate the delta by saving the last sent counter in memory// and subtraction it from the collected value before sending.
CountersAsDelta bool
}
HandlerErrorHandling defines how a Handler serving metrics will handle
errors.
const (
// Ignore errors and try to push as many metrics to Graphite as possible. ContinueOnError HandlerErrorHandling = iota// Abort the push to Graphite upon the first error encountered. AbortOnError
)
These constants cause handlers serving metrics to behave as described if
errors are encountered.
type Logger interface {
Println(v ...interface{})
}
Logger is the minimal interface Bridge needs for logging. Note that
log.Logger from the standard library implements this interface, and it is
easy to implement by custom loggers, if they don't do so already anyway.