Bleeping Computer

Over 46,000 Grafana instances exposed to account takeover bug

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. The flaw is ...
CSOonline

Flaws in a pair of Grafana plugins could hand over DevOps control

Users must configure updated settings in SQLite and Infinity plugins to defend against attackers gaining admin privileges on Grafana instances. Two now-patched critical flaws in Grafana’s plugin ...