exploitDog

CVE-2026-27877

Опубликовано: 27 мар. 2026

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Ссылки

https://grafana.com/security/security-advisories/cve-2026-27877
Vendor Advisory
https://grafana.com/security/security-advisories/cve-2026-27877
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия до 9.3.0 (исключая)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия от 11.6.14 (включая) до 12.0.0 (исключая)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия от 12.1.10 (включая) до 12.2.0 (исключая)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия от 12.2.8 (включая) до 12.3.0 (исключая)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Версия от 12.3.6 (включая) до 12.4.0 (исключая)

EPSS

Процентиль: 10%

0.00198

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-312

Связанные уязвимости

CVE-2026-27877

CVSS3: 6.5

ubuntu

3 месяца назад

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

CVE-2026-27877

CVSS3: 7.5

redhat

3 месяца назад

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

CVE-2026-27877

CVSS3: 6.5

debian

3 месяца назад

When using public dashboards and direct data-sources, all direct data- ...

ROS-20260605-73-0046

CVSS3: 7.5

redos

23 дня назад

Уязвимость grafana

RLSA-2026:10226

rocky

2 месяца назад

Important: grafana security update

EPSS

Процентиль: 10%

0.00198

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-312