
Grafana Labs provides an open and composable observability stack built around Grafana, the leading open source technology for dashboards and visualization. There are 5,000+ Grafana Labs customers, including Bloomberg, Citigroup, Dell Technologies, Salesforce, and TomTom, and 25M+ Grafana users around the world. Grafana Labs helps companies achieve their observability goals with the LGTM Stack, which features scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo) as well as extensive enterprise data source plugins, dashboard management, alerting, reporting, and security. The fully managed Grafana Cloud offering helps organizations get observability up and running easier and faster, with turnkey solutions for Kubernetes and infrastructure monitoring, incident response management, load testing, application observability, and more. Grafana Labs is backed by leading investors Lightspeed Venture Partners, Lead Edge Capital, GIC, Sequoia Capital, Coatue, J.P. Morgan, and CapitalG. Follow Grafana Labs on LinkedIn and Twitter or visit grafana.com.

Grafana Labs A.I CyberSecurity Scoring

Grafana Labs

Company Details

LinkedIn ID: grafana-labs
Employees number: 1,742
Number of followers: 254,049
NAICS: 5112
Industry Type: Software Development
Homepage: grafana.com
IP Addresses: 0
Company ID: GRA_1527465
Scan Status: In-progress

Grafana Labs Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

Grafana Labs Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1

Grafana Labs
Vulnerability
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Grafana Labs disclosed a critical vulnerability (CVE-2025-41115) in its **Grafana Enterprise** product, enabling privilege escalation or impersonation of administrators when **SCIM provisioning** is misconfigured. The flaw arises from improper mapping of the `externalId` SCIM attribute to Grafana’s internal `user.uid`, allowing attackers to assign numeric IDs (e.g., `"1"`) to provisioned users, effectively granting them admin-level access. While exploitation requires both `enableSCIM` and `user_sync_enabled` to be active—a feature in *Public Preview*—the risk is severe due to Grafana’s widespread use across enterprises for data visualization and monitoring.

The vulnerability affects versions **12.0.0 to 12.2.1** (excluding OSS and patched Cloud services). Grafana Labs confirmed no active exploitation in its Cloud environment but urged self-managed users to upgrade to versions **12.3.0, 12.2.1, 12.1.3, or 12.0.6** or disable SCIM. The flaw was internally discovered on **November 4**, patched within 24 hours, and publicly disclosed on **November 19**. Prior scanning activity for older Grafana flaws (e.g., path traversal) suggests potential reconnaissance for targeting this new vulnerability.

Failure to patch could allow attackers to **compromise administrative accounts**, leading to unauthorized dashboard access, data manipulation, or lateral movement within enterprise networks. Given Grafana’s role in operational analytics, exploitation could disrupt monitoring, alerting, or compliance reporting, with cascading effects on security posture and incident response.

Grafana Labs
Vulnerability
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. The flaw, tracked as CVE-2025-4123, impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics. Despite security updates released on May 21, a significant number of instances remain vulnerable, posing a risk to user sessions and account credentials.


Underwriter Stats for Grafana Labs

Incidents vs Software Development Industry Average (This Year)

Grafana Labs has 365.12% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Grafana Labs has 207.69% more incidents than the average of all companies with at least one recorded incident.

Incident Types Grafana Labs vs Software Development Industry Avg (This Year)

Grafana Labs reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Grafana Labs (X = Date, Y = Severity)

Grafana Labs cyber incidents detection timeline including parent company and subsidiaries


Grafana Labs Similar Companies

Meituan

Adhering to the ‘Retail + Technology’ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we

Zoho offers beautifully smart software to help you grow your business. With over 100 million users worldwide, Zoho's 55+ products aid your sales and marketing, support and collaboration, finance, and recruitment needs—letting you focus only on your business. Zoho respects user privacy and does not h

Booking.com

A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge techno

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac

Upwork

Upwork is the world’s work marketplace that connects businesses with independent talent from across the globe. We serve everyone from one-person startups to large, Fortune 100 enterprises with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unloc

Databricks

Databricks is the Data and AI company. More than 10,000 organizations worldwide — including Block, Comcast, Condé Nast, Rivian, Shell and over 60% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to take control of their data and put it to work with AI. Databricks is headquarte

Google

A problem isn't truly solved until it's solved for all. Googlers build products that help create opportunities for everyone, whether down the street or across the globe. Bring your insight, imagination and a healthy disregard for the impossible. Bring everything that makes you unique. Together, we c

Snowflake

**Snowflake is proud to be the Official Data Collaboration Provider for LA28 and Team USA.** Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite

Alibaba.com

The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t


Grafana Labs CyberSecurity News

November 24, 2025 11:12 AM
Grafana Flags Critical SCIM Vulnerability CVE-2025-41115

Grafana Labs has issued a warning regarding a maximum-severity security flaw, identified as CVE-2025-41115, affecting its Enterprise product...

November 21, 2025 11:01 AM
Critical Grafana Vulnerability Let Attackers Escalate Privilege

Grafana Labs disclosed a security flaw affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users.

November 21, 2025 10:05 AM
Attackers Escalate Privilege Through Critical Grafana Vulnerability

Grafana Labs has released critical security patches addressing a severe vulnerability in Grafana Enterprise that could allow attackers to...

November 03, 2025 08:00 AM
Tech unicorn companies list & tracker

Meet the latest billion-dollar startups. Explore trends in unicorn formation over time, by industry and location.

September 30, 2025 07:00 AM
Grafana Labs Is Cleaning Up On The Vibe Coding Boom

With a client list that includes Nvidia, Anthropic and Uber, the $6 billion-valued Grafana Labs is flexing with $400 million in annualized...

September 03, 2025 07:00 AM
Forbes Cloud 100 2025 List - Largest Cloud Computing Companies Ranked

The tenth annual Forbes Cloud 100 list ranks the top private cloud computing companies — this year dominated by AI.

July 20, 2025 07:00 AM
Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards

Two significant Grafana vulnerabilities that could allow attackers to redirect users to malicious websites and execute arbitrary JavaScript...

July 18, 2025 02:31 PM
Grafana Vulnerabilities Allow Code Execution and Malicious Website Redirection

Grafana Labs has issued urgent security patches addressing two significant vulnerabilities affecting multiple versions of the popular monitoring platform.

July 18, 2025 07:00 AM
Grafana Flaws Allow User Redirection and Code Execution in Dashboards

Grafana Labs has released critical security patches addressing two significant vulnerabilities that could enable attackers to redirect users to malicious...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Grafana Labs CyberSecurity History Information

Official Website of Grafana Labs

The official website of Grafana Labs is https://grafana.com.

Grafana Labs’s AI-Generated Cybersecurity Score

According to Rankiteo, Grafana Labs’s AI-generated cybersecurity score is 761, reflecting their Fair security posture.

How many security badges does Grafana Labs have ?

According to Rankiteo, Grafana Labs currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Grafana Labs have SOC 2 Type 1 certification ?

According to Rankiteo, Grafana Labs is not certified under SOC 2 Type 1.

Does Grafana Labs have SOC 2 Type 2 certification ?

According to Rankiteo, Grafana Labs does not hold a SOC 2 Type 2 certification.

Does Grafana Labs comply with GDPR ?

According to Rankiteo, Grafana Labs is not listed as GDPR compliant.

Does Grafana Labs have PCI DSS certification ?

According to Rankiteo, Grafana Labs does not currently maintain PCI DSS compliance.

Does Grafana Labs comply with HIPAA ?

According to Rankiteo, Grafana Labs is not compliant with HIPAA regulations.

Does Grafana Labs have ISO 27001 certification ?

According to Rankiteo, Grafana Labs is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Grafana Labs

Grafana Labs operates primarily in the Software Development industry.

Number of Employees at Grafana Labs

Grafana Labs employs approximately 1,742 people worldwide.

Subsidiaries Owned by Grafana Labs

Grafana Labs presently has no subsidiaries across any sectors.

Grafana Labs’s LinkedIn Followers

Grafana Labs’s official LinkedIn profile has approximately 254,049 followers.

NAICS Classification of Grafana Labs

Grafana Labs is classified under the NAICS code 5112, which corresponds to Software Publishers.

Grafana Labs’s Presence on Crunchbase

Yes, Grafana Labs has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/raintank.

Grafana Labs’s Presence on LinkedIn

Yes, Grafana Labs maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/grafana-labs.

Cybersecurity Incidents Involving Grafana Labs

As of December 07, 2025, Rankiteo reports that Grafana Labs has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Grafana Labs has an estimated 27,336 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Grafana Labs ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Grafana Labs detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures (upgrade to patched versions 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01, and 12.0.0+security-01; software updates; configuration changes by disabling SCIM), containment measures (patch deployment of Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, 12.0.6; disabling SCIM provisioning), and a communication strategy of a public security bulletin and customer advisories.

Incident Details

Can you provide details on each incident ?

Incident : Vulnerability Exploitation

Title: Grafana Ghost Vulnerability (CVE-2025-4123)

Description: More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.

Date Publicly Disclosed: 2023-05-21

Type: Vulnerability Exploitation

Attack Vector: Client-side open redirect

Vulnerability Exploited: CVE-2025-4123

Motivation: Account takeover, execution of malicious plugins

Incident : Vulnerability

Title: Grafana Enterprise Privilege Escalation Vulnerability (CVE-2025-41115)

Description: Grafana Labs has disclosed a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that allows new users to be treated as administrators or enables privilege escalation when SCIM (System for Cross-domain Identity Management) provisioning is enabled. The flaw arises when both the 'enableSCIM' feature flag and 'user_sync_enabled' options are set to true, permitting a malicious or compromised SCIM client to provision a user with a numeric 'externalId' that maps to an internal account, including administrators. This could lead to impersonation or unauthorized privilege escalation. The issue was discovered during internal auditing on November 4, 2024, and patched within 24 hours. Public disclosure followed on November 19, 2024. Grafana Cloud services (including Amazon Managed Grafana and Azure Managed Grafana) were patched prior to disclosure, while self-managed installations require updates to versions 12.3.0, 12.2.1, 12.1.3, or 12.0.6. Grafana OSS users are unaffected.

Date Detected: 2024-11-04

Date Publicly Disclosed: 2024-11-19

Type: Vulnerability

Attack Vector: Network, SCIM Provisioning Misconfiguration

Vulnerability Exploited: CVE-2025-41115 (Improper Mapping of SCIM 'externalId' to Internal 'user.uid')

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Vulnerability Exploitation GRA600061525

Systems Affected: 46,506 Grafana instances

Incident : Vulnerability GRA2792027112125

Systems Affected: Grafana Enterprise (Self-Managed)

Operational Impact: Potential Unauthorized Administrative Access, Impersonation Risk

Brand Reputation Impact: Potential Erosion of Trust Due to Privilege Escalation Risk

Which entities were affected by each incident ?

Incident : Vulnerability Exploitation GRA600061525

Entity Name: Grafana Labs

Entity Type: Software Company

Industry: Technology

Incident : Vulnerability GRA2792027112125

Entity Name: Grafana Labs

Entity Type: Organization

Industry: Software, Data Visualization, Monitoring

Location: Global

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability Exploitation GRA600061525

Remediation Measures: Upgrade to patched versions: 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01, and 12.0.0+security-01

Incident : Vulnerability GRA2792027112125

Incident Response Plan Activated: True

Containment Measures: Patch Deployment (Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, 12.0.6), Disabling SCIM Provisioning

Remediation Measures: Software Updates, Configuration Changes (Disabling SCIM)

Communication Strategy: Public Security Bulletin, Customer Advisories

Data Breach Information

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: upgrade to patched versions (10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01, and 12.0.0+security-01), software updates, and configuration changes (disabling SCIM).

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through patch deployment (Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, 12.0.6) and disabling SCIM provisioning.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability Exploitation GRA600061525

Lessons Learned: Regularly update and patch software to mitigate vulnerabilities.

Incident : Vulnerability GRA2792027112125

Lessons Learned: Importance of Secure Default Configurations for Preview Features, Rapid Patch Deployment for Critical Vulnerabilities, Proactive Monitoring for Exploitation Attempts (e.g., GreyNoise Scanning Activity)

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Exploitation GRA600061525

Recommendations: Upgrade to the latest patched versions of Grafana.

Incident : Vulnerability GRA2792027112125

Recommendations: Upgrade Grafana Enterprise to patched versions (12.3.0, 12.2.1, 12.1.3, or 12.0.6) immediately. Disable SCIM provisioning if not required. Monitor for unusual SCIM-related activity or privilege escalation attempts. Review and audit user provisioning workflows, especially for identity management integrations.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: regularly update and patch software to mitigate vulnerabilities; importance of secure default configurations for preview features; rapid patch deployment for critical vulnerabilities; proactive monitoring for exploitation attempts (e.g., GreyNoise scanning activity).

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Upgrade to the latest patched versions of Grafana.

References

Where can I find more information about each incident ?

Incident : Vulnerability Exploitation GRA600061525

Source: BleepingComputer

Incident : Vulnerability GRA2792027112125

Source: Grafana Labs Security Bulletin

Date Accessed: 2024-11-19

Incident : Vulnerability GRA2792027112125

Source: GreyNoise Report on Grafana Scanning Activity

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at BleepingComputer, the Grafana Labs Security Bulletin (date accessed: 2024-11-19), and the GreyNoise Report on Grafana Scanning Activity.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability GRA2792027112125

Investigation Status: Resolved (No Evidence of Exploitation in Grafana Cloud)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Security Bulletin and Customer Advisories.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability GRA2792027112125

Stakeholder Advisories: Customers advised to apply patches or disable SCIM.

Customer Advisories: Public security bulletin issued with mitigation steps

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: customers advised to apply patches or disable SCIM, and a public security bulletin issued with mitigation steps.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Exploitation GRA600061525

Root Causes: Unpatched software, lack of awareness about the vulnerability

Corrective Actions: Apply security patches, increase user awareness about updates

Incident : Vulnerability GRA2792027112125

Root Causes: Improper mapping of SCIM 'externalId' to internal 'user.uid' in Grafana Enterprise, insufficient validation of numeric 'externalId' values during user provisioning, preview feature (SCIM) enabled without robust safeguards

Corrective Actions: Released patched versions (12.3.0, 12.2.1, 12.1.3, 12.0.6) with fixed SCIM provisioning logic, enhanced input validation for SCIM attributes, proactive communication to customers about risk and mitigations

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: apply security patches; increase user awareness about updates; released patched versions (12.3.0, 12.2.1, 12.1.3, 12.0.6) with fixed SCIM provisioning logic; enhanced input validation for SCIM attributes; proactive communication to customers about risk and mitigations.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-11-04.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-11-19.

Impact of the Incidents

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Grafana Enterprise (Self-Managed).

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Patch Deployment (Grafana Enterprise 12.3.0, 12.2.1, 12.1.3 and 12.0.6) and Disabling SCIM Provisioning.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Proactive Monitoring for Exploitation Attempts (e.g., GreyNoise Scanning Activity).

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: monitor for unusual SCIM-related activity or privilege escalation attempts; disable SCIM provisioning if not required; upgrade Grafana Enterprise to patched versions (12.3.0, 12.2.1, 12.1.3, or 12.0.6) immediately; upgrade to the latest patched versions of Grafana; review and audit user provisioning workflows, especially for identity management integrations.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Grafana Labs Security Bulletin, GreyNoise Report on Grafana Scanning Activity and BleepingComputer.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (No Evidence of Exploitation in Grafana Cloud).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: customers advised to apply patches or disable SCIM.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was a public security bulletin issued with mitigation steps.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was: unpatched software, lack of awareness about the vulnerability; improper mapping of SCIM 'externalId' to internal 'user.uid' in Grafana Enterprise; insufficient validation of numeric 'externalId' values during user provisioning; preview feature (SCIM) enabled without robust safeguards.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was: apply security patches, increase user awareness about updates; released patched versions (12.3.0, 12.2.1, 12.1.3, 12.0.6) with fixed SCIM provisioning logic; enhanced input validation for SCIM attributes; proactive communication to customers about risk and mitigations.


Latest Global CVEs (Not Company-Specific)

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices

Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to acquire `man->bdev->lru_lock`, it dereferences the NULL `man->bdev`, leading to a kernel OOPS.

1. **amdgpu_cs.c**: Extend the existing bandwidth control check in `amdgpu_cs_get_threshold_for_moves()` to include a check for `ttm_resource_manager_used()`. If the manager is not used (uninitialized `bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific logic that would trigger the NULL dereference.
2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info reporting to use a conditional: if the manager is used, return the real VRAM usage; otherwise, return 0. This avoids accessing `man->bdev` when it is NULL.
3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function) data write path. Use `ttm_resource_manager_used()` to check validity: if the manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set `fb_usage` to 0 (APUs have no discrete framebuffer to report).

This approach is more robust than APU-specific checks because it:
- Works for all scenarios where the VRAM manager is uninitialized (not just APUs),
- Aligns with TTM's design by using its native helper function,
- Preserves correct behavior for discrete GPUs (which have fully initialized `man->bdev` and pass the `ttm_resource_manager_used()` check).

v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)

Description

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix improper check of dentry.stream.valid_size

We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang.

Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue.

This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.

Description

In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix possible memory leak in smb2_read()

Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().

Description

In the Linux kernel, the following vulnerability has been resolved:

smb/server: fix possible refcount leak in smb2_sess_setup()

The reference count of ksmbd_session will leak when the session needs to reconnect. Fix this by adding the missing ksmbd_user_session_put().

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=grafana-labs' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.