CVE-2022-39201


Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.


Published

2022-10-13T23:15:10.850

Last Modified

2024-11-21T07:17:46.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application grafana grafana < 8.5.14 Yes
Application grafana grafana < 9.1.8 Yes
Application grafana grafana 5.0.0 Yes