CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
EPSS
Percentile
66.0%
Grafana Labs reports:
On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for βprintingβ of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | grafana | =Β 5.2.0 | UNKNOWN |
FreeBSD | any | noarch | grafana | <Β 8.3.11 | UNKNOWN |
FreeBSD | any | noarch | grafana7 | =Β 7.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | =Β 8.3.0 | UNKNOWN |
FreeBSD | any | noarch | grafana8 | <Β 8.3.11 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | =Β 9.0.0 | UNKNOWN |
FreeBSD | any | noarch | grafana9 | <Β 9.0.8 | UNKNOWN |