Lucene search
K

7 matches found

Veracode
Veracode
added 2024/09/25 5:46 a.m.8 views

Credentials Exposure

github.com/grafana/grafana-plugin-sdk-go is vulnerable to Credentials Exposure. The vulnerability is due to the inclusion of the full repository URI, including credentials, in the metadata bundled within the compiled binaries during the build process, which allows an attacker to gain unauthorized...

9.1CVSS6.7AI score0.00519EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/09/19 1:17 p.m.14 views

CVE-2024-8986

A flaw was found in grafana-plugin-sdk-go package. The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository UR...

5.5CVSS6.9AI score0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/19 10:57 a.m.27 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

9.1CVSS7.1AI score0.00519EPSS
Exploits0References1
CVE
CVE
added 2024/09/19 10:57 a.m.71 views

CVE-2024-8986

CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...

9.1CVSS6.8AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/19 10:57 a.m.39 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

9.1CVSS0.00519EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.4 views

PT-2024-6336 · Grafana · Grafana Plugin Sdk

Name of the Vulnerable Software and Affected Versions: Grafana Plugin SDK versions prior to 0.250.0 Description: The issue is related to the Grafana Plugin SDK bundling build metadata into the binaries it compiles, which includes the repository URI for the plugin being built. If credentials are...

9.1CVSS6.8AI score0.00698EPSS
Exploits1References26
Grafana
Grafana
added 2024/09/19 12:0 a.m.11 views

Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin . If credentials are included in the repository URI for instance, to allow for fetching of private...

9.1CVSS5.8AI score0.00519EPSS
Exploits0
Rows per page
Query Builder