By participating in this program, you agree to:

• Respect the Community Code of Conduct
• Respect the Intigriti Terms and Conditions
• Respect the scope of the program
• Not discuss or disclose vulnerability information without prior written consent (including PoC's on YouTube and Vimeo)

• Only latest released versions of products are in scope. If no releases are created, the vulnerable code must be in the main branch.
• Check specific out-of-scope criteria per product in the "Out of Scope"

Security Hall of Fame

For all valid vulnerabilities, we will ask if you want to be added to Grafana Labs Security Hall of Fame with any associated CVE and vulnerability details.

Submission requirements (read this first)

Every report must include all of the following. Reports missing these elements will be closed pending the information; reports that cannot supply them are out of scope.

1. Exact affected asset — Exact version affected, or full URL / hostname for web assets.
2. Preconditions — the privilege level and context required to exploit. State any non-default configuration or feature toggle required.
3. Reproduction steps — a numbered, deterministic walkthrough that a triager can follow end to end. Prefer to use "victim-attacker" language.
4. Working proof of concept — the actual request/response, script, payload, or commit-level pointer that demonstrates the issue.
5. Concrete security impact — what an attacker actually achieves (read which data, perform which action, cross which boundary). State the realistic impact, not a speculative "this could lead to." If you cannot articulate a concrete impact, the finding is likely out of scope.

Use of AI and automated tooling

If you use AI tools, the following are conditions of participation:

• A human is accountable for every claim. You must understand the finding well enough to explain and reproduce it on request.
• You verified it before submitting. Every PoC must have been run by a human against an in-scope asset.

Out of Scope

Below are product specific out of scope critera. Do not submit a report with any of the following

Grafana

• The Viewer role can run arbitrary queries against configured data sources. This is expected behavior.
• SSRF against the data source proxy endpoint.
• Issues arising from data sources deliberately manipulated to exploit a weakness. Grafana does not sanitize or manipulate data stored in a data source.
• Denial of service nuances: for Viewers, a valid DoS must have non-temporary impact; for Editors, it must provide leverage beyond what an Editor can already do by design; DoS by Admins is fully out of scope; DoS via large end-user inputs is out of scope.
• Community created plugins and apps are out-of-scope.
• Vulnerabilities that require Grafana Enterprise
• Any functionality locked behind app_mode = development

Databases (Mimir, Loki, Tempo, Pyroscope) — by design

• Authentication issues. These components ship without an authentication layer; operators are expected to run an authenticating reverse proxy in front of them.
• DoS / DDoS / brute force.
• Local privilege escalation (e.g. DLL hijacking).

Grafana MCP

• Prompt injection without any impact, such as rogue action or information leak.

Generic Out of Scope

This category includes but is not limited to:

• Automated scanning or reporting of any kind
• CVE in an outdated dependency
• Defense in depth option not implemented (e.g. missing cookie attribute or HTTP header, clickjacking included)
• Secure coding best practice not used
• TLS configuration with older ciphersuites
• Host enumeration (e.g. via Semi-blind SSRF)
• CSRF with only an Availability impact
• Self exploitation (e.g. Self XSS or token reuse)
• Pre-Auth Account takeover/OAuth squatting
• Presence of autocomplete attribute on web forms
• Reverse tabnabbing
• Bypassing rate-limits or the non-existence of rate-limits.
• Best practices violations (password complexity, expiration, re-use, etc.)
• Clickjacking without proven impact/unrealistic user interaction
• CSV Injection
• Sessions not being invalidated (logout, enabling 2FA, etc.)
• HTML-injection without proven impact
• Username/email enumeration
• Email bombing
• Homograph attacks
• Banner grabbing/Version disclosure
• Not stripping metadata of files
• Same-site scripting
• Arbitrary file upload without proof of the existence of the uploaded file

ℹ️ General Program Rules ℹ️

• Don't spam, use social engineering and physical intrusion.

This program follows Intigriti's triage standards based on the proof of concept.

Can I use AI tools?
Yes — as an accelerant. See Use of AI and automated tooling. The requirement is that a human verified the finding and is accountable for it. Unverified model output is closed as spam.

My Intigriti account is on hold since I've submitted too many report. How can I report to you?
Email security@grafana.com (PGP available) and state that your Intigriti account is on hold.

How do I report something on an asset that isn't a bug bounty target, or that I don't want recognition for?
Email security@grafana.com (PGP available). This address covers all Grafana Labs open source and commercial products.

How do I contact the team?
Through the Intigriti platform for program submissions.

Will you disclose my report?
We may publish a summary, remediation, and mitigation details for security fixes on the in our security advisories. Please do not disclose before a fix is released and we've confirmed you may.