Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38307

HistoryDec 01, 2022 - 4:41 a.m.

Information Disclosure

2022-12-0104:41:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

27

vulnerability

information disclosure

github.com

grafana

synthetic monitoring agent

debugging endpoint

software

EPSS

0.001

Percentile

23.8%

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint.

References

github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228

github.com/grafana/synthetic-monitoring-agent/pull/373

github.com/grafana/synthetic-monitoring-agent/pull/374

github.com/grafana/synthetic-monitoring-agent/pull/375

github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0

github.com/grafana/synthetic-monitoring-agent/security/advisories/GHSA-9j4f-f249-q5w8

grafana.com/blog/2022/11/30/security-release-new-version-of-synthetic-monitoring-agent-with-a-high-severity-fix-for-cve-2022-46156/

EPSS

0.001

Percentile

23.8%

Related for VERACODE:38307

cvelist1 cve1 prion1 github1 osv3 nvd1 wallarmlab1 ibm1