Grafana Labs reports:
On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for βprintingβ of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | grafana | =Β 5.2.0 | UNKNOWN |
FreeBSD | any | noarch | grafana | <Β 8.3.11 | UNKNOWN |
FreeBSD | any | noarch | grafana7 | =Β 7.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | =Β 8.3.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | <Β 8.3.11 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | =Β 9.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | <Β 9.0.8 | UNKNOWN |