Affected by GO-2022-0342 and 34 other vulnerabilities

GO-2022-0342: Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana

GO-2022-0707: Grafana Authentication Bypass in github.com/grafana/grafana

GO-2024-2483: Grafana XSS via adding a link in General feature in github.com/grafana/grafana

GO-2024-2510: Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

GO-2024-2513: Grafana information disclosure in github.com/grafana/grafana

GO-2024-2515: Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana

GO-2024-2516: Grafana XSS via a column style in github.com/grafana/grafana

GO-2024-2517: Grafana XSS in header column rename in github.com/grafana/grafana

GO-2024-2519: Grafana world readable configuration files in github.com/grafana/grafana

GO-2024-2520: Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

GO-2024-2523: Grafana stored XSS in github.com/grafana/grafana

GO-2024-2629: Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

GO-2024-2661: Arbitrary file read in github.com/grafana/grafana

GO-2024-2697: Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

GO-2024-2843: Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana

GO-2024-2844: Grafana User enumeration via forget password in github.com/grafana/grafana

GO-2024-2847: Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

GO-2024-2848: Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana

GO-2024-2851: Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana

GO-2024-2852: Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana

GO-2024-2854: Grafana folders admin only permission privilege escalation in github.com/grafana/grafana

GO-2024-2855: Grafana Plugin signature bypass in github.com/grafana/grafana

GO-2024-2856: Grafana Race condition allowing privilege escalation in github.com/grafana/grafana

GO-2024-2857: Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana

GO-2024-2867: Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

GO-2024-3079: Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana

GO-2024-3215: Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

GO-2024-3240: Grafana org admin can delete pending invites in different org in github.com/grafana/grafana

GO-2025-3438: Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana

GO-2025-3704: Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin in github.com/grafana/grafana

GO-2025-3740: Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana

GO-2025-3742: Grafana's datasource proxy API allows authorization checks to be bypassed in github.com/grafana/grafana

GO-2025-3766: Grafana long dashboard title or panel name causes unresponsives in github.com/grafana/grafana

GO-2025-3814: Grafana's insecure DingDing Alert integration exposes sensitive information in github.com/grafana/grafana

GO-2025-3817: Grafana is vulnerable to XSS attacks through open redirects and path traversal in github.com/grafana/grafana

httpclientprovider

package

v0.0.1-test Latest Latest Go to latest Published: Oct 6, 2022 License: AGPL-3.0 Imports: 25 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafana/grafana

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DataSourceMetricsMiddleware() sdkhttpclient.Middleware
func ForwardedCookiesMiddleware(forwardedCookies []*http.Cookie, allowedCookies []string) httpclient.Middleware
func ForwardedOAuthIdentityMiddleware(token *oauth2.Token) httpclient.Middleware
func HTTPLoggerMiddleware(cfg setting.PluginSettings) sdkhttpclient.Middleware
func New(cfg *setting.Cfg, validator models.PluginRequestValidator, ...) *sdkhttpclient.Provider
func RedirectLimitMiddleware(reqValidator models.PluginRequestValidator) sdkhttpclient.Middleware
func ResponseLimitMiddleware(limit int64) sdkhttpclient.Middleware
func SetUserAgentMiddleware(userAgent string) httpclient.Middleware
func SigV4Middleware(verboseLogging bool) httpclient.Middleware
func TracingMiddleware(logger log.Logger, tracer tracing.Tracer) httpclient.Middleware

Constants ¶

View Source

const DataSourceMetricsMiddlewareName = "metrics"

View Source

const ForwardedCookiesMiddlewareName = "forwarded-cookies"

View Source

const ForwardedOAuthIdentityMiddlewareName = "forwarded-oauth-identity"

View Source

const HTTPLoggerMiddlewareName = "http-logger"

View Source

const HostRedirectValidationMiddlewareName = "host-redirect-validation"

View Source

const ResponseLimitMiddlewareName = "response-limit"

ResponseLimitMiddlewareName is the middleware name used by ResponseLimitMiddleware.

View Source

const SetUserAgentMiddlewareName = "user-agent"

SetUserAgentMiddlewareName is the middleware name used by SetUserAgentMiddleware.

View Source

const SigV4MiddlewareName = "sigv4"

SigV4MiddlewareName the middleware name used by SigV4Middleware.

View Source

const (
	TracingMiddlewareName = "tracing"
)

Variables ¶

This section is empty.

Functions ¶

func DataSourceMetricsMiddleware ¶

func DataSourceMetricsMiddleware() sdkhttpclient.Middleware

func ForwardedCookiesMiddleware ¶

func ForwardedCookiesMiddleware(forwardedCookies []*http.Cookie, allowedCookies []string) httpclient.Middleware

ForwardedCookiesMiddleware middleware that sets Cookie header on the outgoing request, if forwarded cookies configured/provided.

func ForwardedOAuthIdentityMiddleware ¶

func ForwardedOAuthIdentityMiddleware(token *oauth2.Token) httpclient.Middleware

ForwardedOAuthIdentityMiddleware middleware that sets Authorization/X-ID-Token headers on the outgoing request if an OAuth Token is provided

func HTTPLoggerMiddleware ¶

func HTTPLoggerMiddleware(cfg setting.PluginSettings) sdkhttpclient.Middleware

func New ¶

func New(cfg *setting.Cfg, validator models.PluginRequestValidator, tracer tracing.Tracer) *sdkhttpclient.Provider

New creates a new HTTP client provider with pre-configured middlewares.

func RedirectLimitMiddleware ¶

func RedirectLimitMiddleware(reqValidator models.PluginRequestValidator) sdkhttpclient.Middleware

func ResponseLimitMiddleware ¶

func ResponseLimitMiddleware(limit int64) sdkhttpclient.Middleware

func SetUserAgentMiddleware ¶

func SetUserAgentMiddleware(userAgent string) httpclient.Middleware

SetUserAgentMiddleware is middleware that sets the HTTP header User-Agent on the outgoing request. If User-Agent already set, it will not be overridden by this middleware.

func SigV4Middleware ¶

func SigV4Middleware(verboseLogging bool) httpclient.Middleware

SigV4Middleware applies AWS Signature Version 4 request signing for the outgoing request.

func TracingMiddleware ¶

func TracingMiddleware(logger log.Logger, tracer tracing.Tracer) httpclient.Middleware

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL