CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 43.8%)

Grafana is an open source observability and data visualization platform.
Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak
authentication tokens to some destination plugins under some conditions.
The vulnerability impacts data source and plugin proxy endpoints with
authentication tokens. The destination plugin could receive a user's
Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for
this issue. As a workaround, do not use API keys, JWT authentication, or
any HTTP Header based authentication.
Author | Note |
---|---|
rodrigo-zaiden | Grafana was removed from Debian in 2018. The last Ubuntu release including it is Xenial; there is no expected support. More info: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909592 |
github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177
github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f
github.com/grafana/grafana/releases/tag/v9.1.8
github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc
launchpad.net/bugs/cve/CVE-2022-31130
nvd.nist.gov/vuln/detail/CVE-2022-31130
security-tracker.debian.org/tracker/CVE-2022-31130
www.cve.org/CVERecord?id=CVE-2022-31130