Grafana Loki vulnerabilities

Hi Team,

We have implemented Grafana Loki in our organization in an EKS cluster and it is running fine with the open source version, helm chart version: 2.4.1, grafana-image: 7.5.0, logstash-image: 1.0.1. We restricted it to our VPN to avoid public access, but even so Grafana Loki has the vulnerabilities listed below:

  1. SQL injection (High)
  2. Web cache poisoning (Medium)
  3. Open redirection (reflected) (Medium)
  4. TLS cookie without secure flag set (Medium)
  5. Email addresses disclosed (Medium)
  6. Private IP addresses disclosed (Medium)
  7. Password submitted using GET method (Low)
  8. Password field with autocomplete enabled (Low)
  9. Link manipulation (DOM-based) (Low)
  10. Source code disclosure (Low)
  11. Robots.txt file (Low)
  12. Cacheable HTTPS response (Low)
  13. Content type incorrectly stated (Low)
  14. Strict transport security not enforced (Low)
  15. Cross-domain Referer leakage (Informational)
  16. Link manipulation (reflected) (Informational)
  17. DOM data manipulation (DOM-based) (Informational)

Kindly suggest how to avoid these many vulnerabilities; what is the best solution to this issue?

Dandappa Sanshi
Sr. Technical Architect
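Three of the findings above (4, 12 and 14) are decided purely by the HTTP response headers, so they can be re-checked without a scanner. The following added example, not from the original post or from Grafana, audits a captured response for a missing Secure cookie flag, a missing Strict-Transport-Security header and a cacheable HTTPS response; the sample response and its cookie value are constructed for illustration.

```python
from typing import List, Tuple

# Constructed sample of a Grafana login response over HTTPS (hypothetical
# values, not captured from a real deployment).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: grafana_session=abc123; Path=/; HttpOnly\r\n"
    "Cache-Control: public, max-age=3600\r\n"
    "\r\n"
    "<html>...</html>"
)

# The same response with the three findings fixed (still constructed).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: grafana_session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Cache-Control: no-store\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw: str) -> List[str]:
    """List header-level findings for a response served over HTTPS."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie {cookie} missing Secure flag")
    if "strict-transport-security" not in {n for n, _ in headers}:
        findings.append("Strict-Transport-Security not set")
    cache = next((v for n, v in headers if n == "cache-control"), "")
    directives = {d.strip().lower() for d in cache.split(",")}
    if not directives & {"no-store", "private"}:
        findings.append("HTTPS response cacheable (no no-store/private)")
    return findings
```

Run `audit_headers` against a response captured from the Grafana login page; an empty list means findings 4, 12 and 14 no longer apply.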
