BIT-grafana-2022-39201

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2022-39201.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-grafana-2022-39201
Aliases
Published
2024-03-06T10:55:22.080Z
Modified
2024-06-10T17:13:41.426930Z
Summary
[none]
Details

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.

References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
5.0.1
Fixed
8.5.14
Introduced
9.0.0
Fixed
9.1.8
Type
SEMVER
Events
Introduced
5.0.0
Last affected
5.0.0
Introduced
5.0.0-beta1
Last affected
5.0.0-beta1
Introduced
5.0.0-beta2
Last affected
5.0.0-beta2
Introduced
5.0.0-beta3
Last affected
5.0.0-beta3
Introduced
5.0.0-beta4
Last affected
5.0.0-beta4
Introduced
5.0.0-beta5
Last affected
5.0.0-beta5