FreeBSD : Grafana — Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)
Discription

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory.

– Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens.
The destination plugin could receive a user’s Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. (CVE-2022-31130)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news:
Generated by Feedzy
%d bloggers like this: