grafana.com
2600:1901:0:b3ea::
Public Scan
URL: https://grafana.com/security/security-advisories/cve-2024-9264/
Submission: On October 23 via api from RU — Scanned from DE
Form analysis
3 forms found in the DOM
Text Content
GRAFANA SQL EXPRESSIONS ALLOW FOR REMOTE CODE EXECUTION

CVE ID: CVE-2024-9264

DATE PUBLISHED: OCTOBER 17, 2024

DESCRIPTION: The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The duckdb binary must be present in Grafana’s $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.

This vulnerability first appeared in Grafana 11.0.0, and is fixed in the following versions, both for OSS and Enterprise:

* 11.0.5+security-01
* 11.1.6+security-01
* 11.2.1+security-01
* 11.0.6+security-01
* 11.1.7+security-01
* 11.2.2+security-01

(Note: We have provided fixes for both the most recent and previous patch versions of all impacted releases so that users who are still in the process of updating have an option to immediately mitigate this vulnerability without making other changes).