Authentication Bypass

github.com/grafana/agent is vulnerable to authentication bypass. The library does not properly restrict access to config endpoints, allowing an attacker to authenticate against a system for discovering Prometheus targets and collecting metrics leads to information disclosure...

CVE-2021-41090 Instance config inline secret exposure

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...