Hi Team,
We have implemented Grafana Loki in our organization in an EKS cluster, and it is running fine with the open-source version, helm chart version: 2.4.1, grafana-image: 7.5.0, logstash-image: 1.0.1. We restricted it to our VPN to avoid public access, but even so, Grafana Loki has the vulnerabilities listed below:
- SQL injection (High)
- Web cache poisoning (Medium)
- Open redirection (reflected) (Medium)
- TLS cookie without secure flag set (Medium)
- Email addresses disclosed (Medium)
- Private IP addresses disclosed (Medium)
- Password submitted using GET method (Low)
- Password field with autocomplete enabled (Low)
- Link manipulation (DOM-based) (Low)
- Source code disclosure (Low)
- Robots.txt file (Low)
- Cacheable HTTPS response (Low)
- Content type incorrectly stated (Low)
- Strict transport security not enforced (Low)
- Cross-domain Referer leakage (Informational)
- Link manipulation (reflected) (Informational)
- DOM data manipulation (DOM-based) (Informational)
Kindly suggest how to avoid these many vulnerabilities; what is the best solution for this issue?
Thanks
Dandappa Sanshi
Sr. Technical Architect