Site icon API Security Blog

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the `initContextWithJWT` function of `auth_jwt.go` because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests.Read More

Exit mobile version