Lucene search
Veracode Vulnerability DatabaseVERACODE:39154HistoryFeb 08, 2023 - 1:57 a.m.
Information Disclosure
2023-02-0801:57:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
grafana
vulnerability
data source
query cache
information disclosure
headers
session
attacker
software
0.001 Low
EPSS
Percentile
36.5%
github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists when the data source query cache is enabled, Grafana will cache all headers, including the grafana_session, resulting in any user querying a data source which allows an attacker to acquire another user’s session.
References
github.com/grafana/grafana/commit/1ca625f41ff3a615b4720ae77199ecc01d38ca89
github.com/grafana/grafana/commit/70183bf44d034e8130c314a8b7f17ef8c87d55ef
github.com/grafana/grafana/pull/60218
github.com/grafana/grafana/pull/61285
github.com/grafana/grafana/pull/61286
github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8
Related
osv
osv
BIT-grafana-2022-23498
2024-03-06 10:57:55
CVE-2022-23498
2023-02-03 22:15:09
ubuntucve
ubuntucve
CVE-2022-23498
2023-02-03 00:00:00
nvd
nvd
CVE-2022-23498
2023-02-03 22:15:09
cvelist
cvelist
prion
prion
Session fixation
2023-02-03 22:15:00
redhatcve
redhatcve
CVE-2022-23498
2023-02-06 05:26:03
openvas
openvas
cve
cve
CVE-2022-23498
2023-02-03 22:15:09
redos
redos
ROS-20240403-14
2024-04-03 00:00:00
ROS-20240404-01
2024-04-04 00:00:00
redhat
redhat
(RHSA-2024:0746) Important: new container image: rhceph-5.3
2024-02-08 16:24:16
ibm
ibm