CVE-2023-50740 Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

BIT-GRAFANA-2022-23498 When query caching is enabled in Grafana users can query another users session

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...

CVE-2024-23328

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

Deserialization of untrusted data

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

Server Side Request Forgery (SSRF)

github.com/grafana/grafana-csv-datasource is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to improper validation of user input, allowing attackers to craft requests to endpoints within the local network...

This Week in Spring - February 20th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of Feburary here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...

CVE-2023-5123

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

Path traversal

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a...

CVE-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

CVE-2023-5122

Grafana’s CSV Datasource Plugin is affected by an SSRF flaw when configured to send requests to a bare host (e.g., https://www.example.com/) with no path. A specially crafted user request could trigger requests to endpoints other than the administrator-configured one, enabling an SSRF vector. Pub...

CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

CVE-2023-5123

CVE-2023-5123 affects the Grafana JSON datasource plugin (Marcus Olsson) used to fetch JSON data from a configured remote endpoint. The root cause is inadequate sanitization of the dashboard-supplied path parameter, allowing path traversal characters (../) to escape the configured sub-path and ta...

PT-2024-14075 · Grafana · Grafana

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue concerns the CSV datasource plugin, a Grafana Labs maintained plugin for Grafana, which allows retrieving and processing CSV data from a remote endpoint configured by an...

Grafana Code Issue Vulnerability

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from a CSV datasource plugin that...

Improper Path Sanitization in JSON Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The JSON datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate sanitizati...

This Week in Spring - February 6th

Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! in last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC 1 Billion Row Challenge...

CVE-2024-23328

CVE-2024-23328 concerns DataEase, an open-source data visualization/analysis tool. The vulnerability resides in the DataEase datasource implementation, specifically in the Java file Mysql.java, where unsafe deserialization can be triggered through bypassable blacklist checks on MySQL JDBC paramet...