Lucene search
Veracode Vulnerability DatabaseVERACODE:33220HistoryDec 09, 2021 - 9:12 a.m.
Authentication Bypass
2021-12-0909:12:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
authentication bypass
information disclosure
prometheus targets
metrics collection
EPSS
0.003
Percentile
69.2%
github.com/grafana/agent is vulnerable to authentication bypass. The library does not properly restrict access to config endpoints, allowing an attacker to authenticate against a system for discovering Prometheus targets and collecting metrics leads to information disclosure.
References
github.com/grafana/agent/commit/a9bc23c74f3727399e4f720abbbe9a3b5fc8b973
github.com/grafana/agent/commit/af7fb01e31fe2d389e5f1c36b399ddc46b412b21
github.com/grafana/agent/pull/1152
github.com/grafana/agent/releases/tag/v0.20.1
github.com/grafana/agent/releases/tag/v0.21.2
github.com/grafana/agent/security/advisories/GHSA-9c4x-5hgq-q3wh
security.netapp.com/advisory/ntap-20211229-0004/
Related
cnvd
cnvd
Grafana Information Disclosure Vulnerability (CNVD-2021-101998)
2021-12-12 00:00:00
prion
prion
Authentication flaw
2021-12-08 17:15:00
cvelist
cvelist
CVE-2021-41090 Instance config inline secret exposure
2021-12-08 16:15:19
osv
osv
Instance config inline secret exposure in Grafana
2021-12-08 19:52:40
CVE-2021-41090
2021-12-08 17:15:11
cve
cve
CVE-2021-41090
2021-12-08 17:15:11
github
github
Instance config inline secret exposure in Grafana
2021-12-08 19:52:40
nvd
nvd
CVE-2021-41090
2021-12-08 17:15:11
archlinux
archlinux
[ASA-202112-12] grafana-agent: information disclosure
2021-12-11 00:00:00
