VDB
CVE-2022-26148
CVE-2022-26148
PUBLISHED
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
EPSS 87.23% · 99.5th percentile
Risk Scores
EPSS Score
87.23%
99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 0 |
| Bitnami | grafana | 0 |
Exploit Intelligence
- https://2k8.org/post-319.html (nist-nvd)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- web_poc_map_v2.yaml (github-poc)
- Nuclei Template: CVE-2022-26148 (nuclei-template)
- Nuclei Template: CVE-2022-26148 (nuclei-template)
- Nuclei Template: CVE-2022-26148 (nuclei-template)
- Nuclei Template: CVE-2022-26148 (nuclei-template)
…and 2 more exploits
Timeline
- Mar 21, 2022 CVE Published
- Mar 22, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- May 5, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Jun 26, 2023 EPSS Score
- Jul 25, 2023 EPSS Score
- Aug 19, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Oct 12, 2023 EPSS Score