
Grafana Attack Surface
Grafana 7.5.1, a popular open-source analytics and monitoring platform, contains two critical vulnerabilities that can be exploited by attackers. The first vulnerability is a server-side request forgery (SSRF) found in the function `sendWebRequestSync` within the `pkg/services/notification/webhook.go` file. The second vulnerability is a directory traversal issue identified in the function `DownloadFile` within `pkg/cmd/grafana-cli/services/api_client.go`. These vulnerabilities have…