Lucene search
FreeBSD827B95FF-290E-11ED-A2E7-6C3BE5272ACDHistoryJul 21, 2022 - 12:00 a.m.
Grafana -- Unauthorized file disclosure
2022-07-2100:00:00
vuxml.freebsd.org
20
0.003 Low
EPSS
Percentile
65.8%
Grafana Labs reports:
On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for βprintingβ of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | grafana | =Β 5.2.0 | UNKNOWN |
| FreeBSD | any | noarch | grafana | <Β 8.3.11 | UNKNOWN |
| FreeBSD | any | noarch | grafana7 | =Β 7.0 | UNKNOWN |
| FreeBSD | any | noarch | grafana8 | =Β 8.3.0 | UNKNOWN |
| FreeBSD | any | noarch | grafana8 | <Β 8.3.11 | UNKNOWN |
| FreeBSD | any | noarch | grafana9 | =Β 9.0.0 | UNKNOWN |
| FreeBSD | any | noarch | grafana9 | <Β 9.0.8 | UNKNOWN |
Related
alpinelinux
alpinelinux
CVE-2022-31176
2022-09-02 21:15:00
veracode
veracode
Information Disclosure
2022-09-03 02:13:40
prion
prion
Design/Logic Flaw
2022-09-02 21:15:00
openvas
openvas
Grafana Image Renderer Vulnerability (GHSA-2cfh-233g-m4c5)
2022-09-05 00:00:00
cvelist
cvelist
CVE-2022-31176 Grafana Image Renderer leaking files
2022-09-02 00:00:00
osv
osv
CVE-2022-31176
2022-09-02 21:15:16
BIT-grafana-image-renderer-2022-31176
2024-03-06 10:52:34
cve
cve
CVE-2022-31176
2022-09-02 21:15:00
nessus
nessus
