[FREEBSD:6877E164-6296-11ED-9CA2-6C3BE5272ACD] Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Severity: High
Affected Packages: 4
CVEs: 1
Grafana Labs reports:
On September 7th as a result of an internal security audit we have discovered
that Grafana could leak the authentication cookie of users to plugins. After
further analysis the vulnerability impacts data source and plugin proxy
endpoints under certain conditions.
We believe that this vulnerability is rated at CVSS 6.8
(CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
Package | Affected Version |
---|---|
pkg:freebsd/grafana9 | < 9.1.8 |
pkg:freebsd/grafana8 | < 8.5.14 |
pkg:freebsd/grafana7 | |
pkg:freebsd/grafana | < 8.5.14 |
- ID: FREEBSD:6877E164-6296-11ED-9CA2-6C3BE5272ACD
- Severity: high
- Severity from: CVE-2022-39201
- URL: http://vuxml.freebsd.org/freebsd/6877e164-6296-11ed-9ca2-6c3be5272acd.html
- Published: 2022-09-07T00:00:00
- Modified: 2022-11-12T00:00:00
- Rights: FreeBSD VuXML Security Team
Other Advisories
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr |