Authentication flaw

2022-10-1323:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user’s Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.

CPENameOperatorVersion
grafanaeq5.0.0 beta1
grafanaeq5.0.0 beta2
grafanaeq5.0.0 beta3
grafanaeq5.0.0 beta4
grafanaeq5.0.0 beta5
grafanage9.0.0
grafanalt9.1.8
grafanaeq5.0.0
grafanage5.0.1
grafanalt8.5.14

Name	Operator	Version
grafana	eq	5.0.0 beta1
grafana	eq	5.0.0 beta2
grafana	eq	5.0.0 beta3
grafana	eq	5.0.0 beta4
grafana	eq	5.0.0 beta5
grafana	ge	9.0.0
grafana	lt	9.1.8
grafana	eq	5.0.0
grafana	ge	5.0.1
grafana	lt	8.5.14