The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5e257b0d-e466-11ed-834b-6c3be5272acd advisory.
– Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the url_login configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. (CVE-2023-1387)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main