exploitDog

GHSA-3q27-7qjq-p9c5

Опубликовано: 27 мар. 2026

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Grafana public dashboards disclose all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Ссылки

Пакеты

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 9.3.0

Отсутствует

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 12.0.0

Отсутствует

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 12.2.0

Отсутствует

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 12.3.0

Отсутствует

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 12.4.0

Отсутствует

Наименование

github.com/grafana/grafana

go

Затронутые версииВерсия исправления

>= 1.9.2-0.20221116104934-4ee83a5f2bf4, < 1.9.2-0.20260325055210-3522153e07b4

1.9.2-0.20260325055210-3522153e07b4

EPSS

Процентиль: 10%

0.00198

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-312

Связанные уязвимости

CVE-2026-27877

CVSS3: 6.5

ubuntu

3 месяца назад

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

CVE-2026-27877

CVSS3: 7.5

redhat

3 месяца назад

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

CVE-2026-27877

CVSS3: 6.5

nvd

3 месяца назад

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

CVE-2026-27877

CVSS3: 6.5

debian

3 месяца назад

When using public dashboards and direct data-sources, all direct data- ...

ROS-20260605-73-0046

CVSS3: 7.5

redos

23 дня назад

Уязвимость grafana

EPSS

Процентиль: 10%

0.00198

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-312