Grafana -- Exposure of sensitive information to an unauthorized actor

2023-04-2600:00:00

vuxml.freebsd.org

grafana

authentication

sensitive information

exposure

vulnerability

cvss score

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.5%

JSON

Grafana Labs reports:

When setting up Grafana, there is an option to enable

  JWT authentication. Enabling this will allow users to authenticate towards
  the Grafana instance with a special header (default X-JWT-Assertion
  ).

In Grafana, there is an additional way to authenticate using JWT called

  URL login where the token is passed as a query parameter.

When using this option, a JWT token is passed to the data source as a header,
which leads to exposure of sensitive information to an unauthorized party.
The CVSS score for this vulnerability is 4.2 Medium

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgrafana= 9.1.0UNKNOWN
FreeBSDanynoarchgrafana< 9.2.17UNKNOWN
FreeBSDanynoarchgrafana9= 9.1.0UNKNOWN
FreeBSDanynoarchgrafana9< 9.2.17UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	grafana	= 9.1.0	UNKNOWN
FreeBSD	any	noarch	grafana	< 9.2.17	UNKNOWN
FreeBSD	any	noarch	grafana9	= 9.1.0	UNKNOWN
FreeBSD	any	noarch	grafana9	< 9.2.17	UNKNOWN