grafana is vulnerable to information disclosure. The vulnerability is due to the proxy endpoints leaking sensitive authentication tokens to some destination plugins which allows an attacker to gain access to HTTP header information.
github.com/grafana/grafana/commit/4539c33fce5ef23badb08ebcbc09cb0cecb1f539
github.com/grafana/grafana/commit/4dd56e4dabce10007bf4ba1059bf54178c35b177
github.com/grafana/grafana/commit/9da278c044ba605eb5a1886c48df9a2cb0d3885f
github.com/grafana/grafana/issues/562
github.com/grafana/grafana/releases/tag/v9.1.8
github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc
grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/