virus logo FortiClient Vulnerability

GrafanaOSS CVE-2022-31123 Signature Verification Bypass Vulnerability

description-logoDescription

Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

affected-products-logoAffected Applications

GrafanaOSS

CVE References

CVE-2022-31123

Other References

https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8
ID 4557
Created Oct 26, 2022
Description
Updated		 Jul 27, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Grafana Labs
Patch manual
Application GrafanaOSS