CVE-2022-31130 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31130 PUBLISHED

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.

EPSS 0.24% · 47.4th percentile

Risk Scores

EPSS Score

0.24%

47.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	0, 9.0.0
Bitnami	grafana	0, 9.0.0

Timeline

Oct 12, 2022 CVE Published
Oct 14, 2022 EPSS Score
Nov 26, 2022 EPSS Score
Jan 9, 2023 EPSS Score
Feb 21, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 5, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 1, 2023 EPSS Score
Aug 13, 2023 EPSS Score
Sep 26, 2023 EPSS Score
Nov 8, 2023 EPSS Score

References

Open in Interactive Console →