Количество 10
Количество 10
CVE-2022-31130
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.
CVE-2022-31130
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.
CVE-2022-31130
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.
CVE-2022-31130
Grafana is an open source observability and data visualization platfor ...
GHSA-jv32-5578-pxjc
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
BDU:2024-02620
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с раскрытием конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю раскрыть защищаемую информацию
SUSE-SU-2023:0362-1
Security update for grafana
SUSE-SU-2023:0353-1
Security update for SUSE Manager Client Tools
ELSA-2023-6420
ELSA-2023-6420: grafana security and enhancement update (MODERATE)
ROS-20240404-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-31130 Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | CVSS3: 4.9 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-31130 Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-31130 Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | CVSS3: 4.9 | 0% Низкий | больше 2 лет назад |
| CVE-2022-31130 Grafana is an open source observability and data visualization platfor ... | CVSS3: 4.9 | 0% Низкий | больше 2 лет назад |
| GHSA-jv32-5578-pxjc Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | CVSS3: 4.9 | 0% Низкий | около 1 года назад |
 | BDU:2024-02620 Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с раскрытием конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2023:0362-1 Security update for grafana | больше 2 лет назад | ||
| SUSE-SU-2023:0353-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| ELSA-2023-6420 ELSA-2023-6420: grafana security and enhancement update (MODERATE) | больше 1 года назад | ||
 | ROS-20240404-01 Множественные уязвимости grafana | CVSS3: 9.4 | около 1 года назад |
Уязвимостей на страницу