Lucene search
GoogleOSV:BIT-GRAFANA-2023-1387HistoryMar 06, 2024 - 10:53 a.m.
BIT-grafana-2023-1387
2024-03-0610:53:58
Google
osv.dev
8
grafana
jwt
authentication
vulnerability
data sources
0.001 Low
EPSS
Percentile
42.9%
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the “url_login” configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
Related
osv
osv
CVE-2023-1387
2023-04-26 14:15:09
prion
prion
Authentication flaw
2023-04-26 14:15:00
cve
cve
CVE-2023-1387
2023-04-26 14:15:09
ibm
ibm
ubuntucve
ubuntucve
CVE-2023-1387
2023-04-26 00:00:00
veracode
veracode
Information Disclosure
2023-05-02 04:31:51
cvelist
cvelist
CVE-2023-1387
2023-04-26 13:47:16
nessus
nessus
freebsd
freebsd
Grafana -- Exposure of sensitive information to an unauthorized actor
2023-04-26 00:00:00
redhatcve
redhatcve
CVE-2023-1387
2023-05-11 06:21:21
openvas
openvas
Grafana 9.1.0 < 9.2.17, 9.3.x < 9.3.13, 9.4.x < 9.4.9 Information Disclosure Vulnerability
2023-04-27 00:00:00
Grafana 7.3.0-beta1 < 8.5.24, 9.x < 9.2.17, 9.3.x < 9.3.13, 9.4.x < 9.4.9 DoS Vulnerability
2023-04-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2578-1)
2023-06-22 00:00:00
redhat
redhat
wallarmlab
wallarmlab
ChatGPT: Friend or Foe? | API Security Newsletter
2023-05-16 13:58:20
redos
redos
ROS-20240403-01
2024-04-03 00:00:00