CVE-2023-1387 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-1387 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

EPSS 0.32% · 54.4th percentile

Risk Scores

EPSS Score

0.32%

54.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	9.1.0, 9.3.0, 9.4.0
Bitnami	grafana	9.1.0, 9.3.0, 9.4.0

Timeline

Apr 26, 2023 CVE Published
Apr 27, 2023 EPSS Score
Jun 3, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 15, 2023 EPSS Score
Sep 20, 2023 EPSS Score
Oct 27, 2023 EPSS Score
Dec 3, 2023 EPSS Score
Jan 8, 2024 EPSS Score
Feb 14, 2024 EPSS Score
Mar 22, 2024 EPSS Score
Apr 27, 2024 EPSS Score

References

Open in Interactive Console →