github.com/grafana/grafana is vulnerable to signature verification bypass. A local attacker is able to convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed, due to the improper verification of plugin signature.
github.com/grafana/grafana/commit/d2fe4b4813f3af2545040eb5f5a476956a62037e
github.com/grafana/grafana/commit/f68f621342ccd005bd2d8eb6ae234af3b0ef64ae
github.com/grafana/grafana/commit/f80476a7ef22afa8e80237d756dcbeb77f6fb635
github.com/grafana/grafana/pull/57401
github.com/grafana/grafana/releases/tag/v9.1.8
github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8
security.netapp.com/advisory/ntap-20221124-0002/