Lucene search
China National Vulnerability DatabaseCNVD-2021-101998HistoryDec 12, 2021 - 12:00 a.m.
Grafana Information Disclosure Vulnerability (CNVD-2021-101998)
2021-12-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
0.003 Low
EPSS
Percentile
68.0%
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, etc. An information disclosure vulnerability exists in Grafana Agent versions 0.20.1 and earlier and 0.21.2 and earlier, which stems from inline secrets defined in the program’s metric instance configuration being exposed in plaintext via two endpoints, which can be accessed by an unauthenticated attacker can use this vulnerability to access these endpoints.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Grafana agent >=0.14.0, | lt | 0.20.1 | |
| Grafana agent >=0.21.0, | lt | 0.21.2 |
Related
cve
cve
CVE-2021-41090
2021-12-08 17:15:11
prion
prion
Authentication flaw
2021-12-08 17:15:00
cvelist
cvelist
CVE-2021-41090 Instance config inline secret exposure
2021-12-08 16:15:19
veracode
veracode
Authentication Bypass
2021-12-09 09:12:14
archlinux
archlinux
[ASA-202112-12] grafana-agent: information disclosure
2021-12-11 00:00:00
osv
osv
Instance config inline secret exposure in Grafana
2021-12-08 19:52:40
CVE-2021-41090
2021-12-08 17:15:11
nvd
nvd
CVE-2021-41090
2021-12-08 17:15:11
github
github
Instance config inline secret exposure in Grafana
2021-12-08 19:52:40
