CVE-2022-39201

🗓️ 13 Oct 2022 23:15:10Reported by [email protected]Type

Grafana version 5.0.0-beta1 to 8.5.14 and 9.1.8 allows authentication cookie leakage to plugin

Reporter	Title	Published	Views	Family All 91
FreeBSD	Grafana -- Plugin signature bypass	4 Jul 202200:00	–	freebsd
FreeBSD	Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins	7 Sep 202200:00	–	freebsd
FreeBSD	Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins	26 Jun 202200:00	–	freebsd
FreeBSD	Grafana -- Improper authentication	7 Sep 202200:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to exposure of sensitive information to an unauthorized actor in Grafana [CVE-2022-39201]	1 Nov 202319:49	–	ibm
AlpineLinux	CVE-2022-39201	13 Oct 202223:15	–	alpinelinux
AlmaLinux	Moderate: grafana security and enhancement update	7 Nov 202300:00	–	almalinux
ALT Linux	Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1	31 Jan 202300:00	–	altlinux
BDU FSTEC	The vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to unauthorized entities, allows attackers to expose the protected information.	5 Apr 202400:00	–	bdu_fstec
Chainguard	CVE-2022-39201 vulnerabilities	13 Oct 202223:15	–	cgr

NVD

Node

grafana grafanaRange5.0.1–8.5.14

grafana grafanaRange9.0.0–9.1.8

grafana grafanaMatch5.0.0beta1

grafana grafanaMatch5.0.0beta2

grafana grafanaMatch5.0.0beta3

grafana grafanaMatch5.0.0beta4

grafana grafanaMatch5.0.0beta5

Source	Link
github	www.github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr
github	www.github.com/grafana/grafana/commit/c658816f5229d17f877579250c07799d3bbaebc9
github	www.github.com/grafana/grafana/releases/tag/v9.1.8
github	www.github.com/grafana/grafana/commit/b571acc1dc130a33f24742c1f93b93216da6cf57

21 Nov 2024 07:17Current

CVSS 3.16.8 - 7.5

EPSS0.00897