CVE-2022-31123 — Vulnetix

CVE-2022-31123 PUBLISHED

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

EPSS 0.01% · 1.4th percentile

Risk Scores

EPSS Score

0.01%

1.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	7.0.0, 9.0.0
Bitnami	grafana	7.0.0, 9.0.0

Timeline

Oct 12, 2022 CVE Published
Oct 12, 2022 CVE Updated
Oct 14, 2022 EPSS Score
Nov 27, 2022 EPSS Score
Jan 10, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 21, 2023 EPSS Score
Jul 4, 2023 EPSS Score
Aug 17, 2023 EPSS Score
Sep 30, 2023 EPSS Score

References

https://github.com/grafana/grafana/releases/tag/v9.1.8 url
https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8 url
https://security.netapp.com/advisory/ntap-20221124-0002/ url
https://nvd.nist.gov/vuln/detail/CVE-2022-31123 url

Open in Interactive Console →