VDB

CVE-2023-1387

CVE-2023-1387 PUBLISHED

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

EPSS 0.29% · 52.8th percentile

Risk Scores

EPSS Score
0.29%
52.8th percentile

Affected Products

VendorProductVersions
Bitnamigrafana9.3.0, 9.4.0, 9.1.0
Bitnamigrafana9.1.0, 9.4.0, 9.3.0

Exploit Intelligence

Timeline

  • Apr 26, 2023 CVE Published
  • Apr 27, 2023 EPSS Score
  • Jun 3, 2023 EPSS Score
  • Jul 10, 2023 EPSS Score
  • Aug 17, 2023 EPSS Score
  • Sep 23, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 12, 2024 EPSS Score
  • Feb 19, 2024 EPSS Score
  • Mar 27, 2024 EPSS Score
  • May 3, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›