CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentile: 48.4%
Grafana Labs reports:
On September 7th as a result of an internal security audit we have discovered
that Grafana could leak the authentication cookie of users to plugins. After
further analysis the vulnerability impacts data source and plugin proxy
endpoints under certain conditions.
We believe that this vulnerability is rated at CVSS 6.8
(CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | grafana | = 5.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana | < 8.5.14 | UNKNOWN |
FreeBSD | any | noarch | grafana7 | = 7.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | = 8.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | < 8.5.14 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | = 9.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | < 9.1.8 | UNKNOWN |