Affected by GO-2024-2513
and 24 other vulnerabilities
GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana
GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana
GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana
GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana
GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana
GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
GO-2024-2661: Arbitrary file read in github.com/grafana/grafana
GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana
GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana
GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana
GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana
GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
GO-2024-2858: Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana
GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
type RouteRegister interface {
// Get adds a list of handlers to a given route with a GET HTTP verb Get(string, ...macaron.Handler)
// Post adds a list of handlers to a given route with a POST HTTP verb Post(string, ...macaron.Handler)
// Delete adds a list of handlers to a given route with a DELETE HTTP verb Delete(string, ...macaron.Handler)
// Put adds a list of handlers to a given route with a PUT HTTP verb Put(string, ...macaron.Handler)
// Patch adds a list of handlers to a given route with a PATCH HTTP verb Patch(string, ...macaron.Handler)
// Any adds a list of handlers to a given route with any HTTP verb Any(string, ...macaron.Handler)
// Group allows you to pass a function that can add multiple routes// with a shared prefix route.
Group(string, func(RouteRegister), ...macaron.Handler)
// Insert adds more routes to an existing Group. Insert(string, func(RouteRegister), ...macaron.Handler)
// Register iterates over all routes added to the RouteRegister// and add them to the `Router` pass as an parameter.
Register(Router)
}
RouteRegister allows you to add routes and macaron.Handlers
that the web server should serve.