Lucene search
K

14 matches found

OSV
OSV
added 2025/06/28 8:26 p.m.6 views

CLSA-2025-1751142388 grafana: Fix of CVE-2022-31130

CVE-2022-31130: fix potential leak of authentication tokens to plugins...

7.5CVSS7.3AI score0.00964EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-31130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication...

7.5CVSS7.8AI score0.00964EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 10:25 p.m.44 views

GHSA-JV32-5578-PXJC Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

6.9CVSS7.6AI score0.00964EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/05/14 10:25 p.m.46 views

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...

7.5CVSS6.7AI score0.00964EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.31 views

openSUSE: Security Advisory for grafana (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.8AI score0.01228EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/19 10:18 p.m.23 views

Security Bulletin: IBM Storage Ceph is vulnerable to exposure of sensitive information to an unauthorized actor in Grafana (CVE-2022-31130)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-31130 Vulnerability Details CVEID:CVE-2022-31130 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the proxy...

7.5CVSS5.9AI score0.00964EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/11/07 8:59 a.m.46 views

Moderate: Red Hat Security Advisory: grafana security and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.7AI score0.05623EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

4.4CVSS8.6AI score0.00964EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2023/02/13 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:0362-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.2AI score0.01228EPSS
Exploits0References2
ALT Linux
ALT Linux
added 2023/01/31 12:0 a.m.52 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

4.9CVSS6.5AI score0.68603EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/10/18 12:0 a.m.22 views

Grafana Privilege Escalation Vulnerability (GHSA-jv32-5578-pxjc)

Grafana is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

7.5CVSS7.9AI score0.00964EPSS
Exploits0References1
Chainguard
Chainguard
added 2022/10/13 11:15 p.m.51 views

CVE-2022-31130 vulnerabilities

Vulnerabilities for packages: grafana-fips...

7.5CVSS7.2AI score0.00964EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.7 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

4.9CVSS7.5AI score0.00964EPSS
Exploits0References4
CVE
CVE
added 2022/10/13 12:0 a.m.489 views

CVE-2022-31130

CVE-2022-31130 affects Grafana: older Grafana releases expose authentication tokens via destination plugins, impacting data source and plugin proxy endpoints. Specifically, versions prior to 9.1.8 and 8.5.14 can leak a user’s Grafana token to a destination plugin under certain conditions; a patch...

7.5CVSS6.1AI score0.00964EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder