Grafana is an open source observability and data visualization platform.
Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin
signature verification. An attacker can convince a server admin to download
and successfully run a malicious plugin even though unsigned plugins are
not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a
workaround, do not install plugins downloaded from untrusted sources.
Author | Note |
---|---|
rodrigo-zaiden | grafana was removed from Debian in 2018. Last Ubuntu release including it is Xenial, there is no expected support. more info: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909592 |