According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege management vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Grafana Labs installed on the remote host is prior to 10.0.12, 10.1.8, 10.2.5, 10.3.4, or 9.5.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1442 advisory.

  - A user with the permissions to create a data source can use Grafana API to create a data source with UID     set to *. Doing this will grant the user access to read, query, edit and delete all data sources within     the organization. (CVE-2024-1442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A user with the permissions to create a data source can use Grafana API to create a data source with UID     set to *. Doing this will grant the user access to read, query, edit and delete all data sources within     the organization. (CVE-2024-1442)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Published	Updated	Severity
114840	Grafana 8.5.x < 9.5.7 Improper Privilege Management	Web App Scanning	Component Vulnerability	6/4/2025	6/4/2025	high
114844	Grafana 10.3.x < 10.3.4 Improper Privilege Management	Web App Scanning	Component Vulnerability	6/4/2025	6/4/2025	high
114841	Grafana 10.0.x < 10.0.12 Improper Privilege Management	Web App Scanning	Component Vulnerability	6/4/2025	6/4/2025	high
114842	Grafana 10.1.x < 10.1.8 Improper Privilege Management	Web App Scanning	Component Vulnerability	6/4/2025	6/4/2025	high
114843	Grafana 10.2.x < 10.2.5 Improper Privilege Management	Web App Scanning	Component Vulnerability	6/4/2025	6/4/2025	high
192023	Grafana Labs 10.0.x < 10.0.12 / 10.1.x < 10.1.8 / 10.2.x < 10.2.5 / 10.3.x < 10.3.4 / 8.5.x < 9.5.7 (CVE-2024-1442)	Nessus	Web Servers	3/13/2024	3/14/2025	high
260928	Linux Distros Unpatched Vulnerability : CVE-2024-1442	Nessus	Misc.	9/3/2025	9/3/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high