github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists in the initContextWithJWT function of auth_jwt.go because the JWT URL-login flow leaks tokens to data sources through request parameters in proxy requests.
github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j
github.com/grafana/grafana/commit/262d642d77dfb9556eaac53ba7355506cfcb58e5
github.com/grafana/grafana/commit/561ec5aab756b6fa6cc5163a80c47fe6ff83964e
github.com/grafana/grafana/commit/7a1a8b7a868753c214390da58d7fc833ae17fe72
github.com/grafana/grafana/commit/b22be8f498a617be2ee94ea9e5394852e223e5ac
github.com/grafana/grafana/commit/e89a2b136a5a2ca5951acdf3a1fc88ad9d5f583d
grafana.com/security/security-advisories/cve-2023-1387/
security.netapp.com/advisory/ntap-20230609-0003/
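The leak described above, and one way to close it at the proxy, as an added Go example that is not Grafana's code or the code from the linked commits. It assumes the JWT arrives in a query parameter named auth_token; the host datasource.example, the /proxy path and the names stripToken, capture and queryAtDataSource are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

const tokenParam = "auth_token" // assumption: query parameter that carries the JWT

// stripToken drops the JWT parameter and keeps every other query parameter.
func stripToken(rawQuery string) string {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "" // fail closed: forward no query rather than risk the token
	}
	q.Del(tokenParam)
	return q.Encode()
}

type capture struct{ seen string } // stands in for the data source

func (c *capture) RoundTrip(r *http.Request) (*http.Response, error) {
	c.seen = r.URL.RawQuery
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: r}, nil
}

// queryAtDataSource proxies one request and returns the query the data source receives.
func queryAtDataSource(strip bool, inbound string) string {
	target, _ := url.Parse("http://datasource.example") // constructed host, never dialed
	ds := &capture{}
	p := httputil.NewSingleHostReverseProxy(target)
	base := p.Director
	p.Director = func(r *http.Request) {
		base(r)
		if strip {
			r.URL.RawQuery = stripToken(r.URL.RawQuery)
		}
	}
	p.Transport = ds
	p.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("GET", "/proxy?"+inbound, nil))
	return ds.seen
}

func main() {
	q := "auth_token=constructed.jwt.value&query=up" // constructed sample
	fmt.Println(queryAtDataSource(false, q), "->", queryAtDataSource(true, q))
}
```

With strip set to false the data source receives the full query string, token included; with it set to true only the remaining parameters are forwarded.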