- Grafana OSS - we offer Docker images that are synced with the main branch. This makes it easy to get started right away and be sure that you're looking for issues in an untouched instance. To spin up Grafana OSS in Docker, run the following command:
  docker run -p 3000:3000 grafana/grafana-oss:main
  and then visit http://localhost:3000 and log in with admin:admin
  You can also follow this guide on how to run the Grafana Docker image.
- Mimir - you can get started by following Get started with Grafana Mimir.
Please refer to the following documentation page in order to understand the roles and permissions in Grafana.
Non-core plugins are considered out of scope as Grafana administrators install them at their own risk.
- Grafana: A user with Viewer role that can tamper with dashboard queries [documentation]
- Grafana: Exposed JWT tokens in URLs when url_login is enabled [issue]
- Grafana: Data sources that have been deliberately manipulated to exploit a weakness in Grafana [issue]
- Mimir: CSRF issues [issue]
- Authentication issues.
- Cross-site scripting, DOM clobbering, prototype pollution and other client-side issues.
- For previously found vulnerabilities, see: https://grafana.com/security/security-advisories/