6 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-23498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including...
Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2022-23498)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-23498 Vulnerability Details CVEID:CVE-2022-23498 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive...
Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-23498 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when datasource query...
CVE-2022-23498
CVE-2022-23498 concerns Grafana: when datasource query caching is enabled, Grafana caches all headers, including grafana_session, which can allow a user querying a datasource with caching enabled to access another user’s session. The Nessus entry for CVE-2022-23498 describes this issue in Grafana...
CVE-2022-23498 When query caching is enabled in Grafana users can query another users session
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...
Grafana 8.3.0 < 9.2.10, 9.3.0 < 9.3.4 Information Disclosure Vulnerability (GHSA-2j8f-6whh-frc8)
Grafana is prone to an information disclosure vulnerability. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...