2 matches found
grafana: data source proxy race condition
A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses...
CVE-2022-23498
A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a data source where the caching is enabled can acquire another user’s session. Mitigation To mitigate the vulnerability,...