virus logo FortiClient Vulnerability

GrafanaOSS CVE-2022-31130 Information Disclosure Vulnerability

description-logoDescription

Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.

affected-products-logoAffected Applications

GrafanaOSS

CVE References

CVE-2022-31130

Other References

https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc
ID 4555
Created Oct 26, 2022
Description
Updated		 Jul 27, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Grafana Labs
Patch manual
Application GrafanaOSS