What is CVE-2023-4457?

CVE-2023-4457 is an information disclosure vulnerability in the Google Sheets data source plugin for Grafana.

What is the severity of CVE-2023-4457?

The severity of CVE-2023-4457 is high with a CVSS score of 7.5.

How does CVE-2023-4457 affect Grafana?

CVE-2023-4457 affects Grafana through the Google Sheets data source plugin.

How can CVE-2023-4457 be fixed?

To fix CVE-2023-4457, users should upgrade their Google Sheets data source plugin for Grafana to version 1.2.3 or above.

Vulnerability/
CVE-2023-4457

high

7.5

CWE

209

16/10/2023

21/11/2024

CVE-2023-4457

First published: Mon Oct 16 2023(Updated: )

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.

Credit: security@grafana.com security@grafana.com security@grafana.com

Affected Software	Affected Version	How to fix
Grafana Google Sheets	>=0.9.0<=1.2.2
go/github.com/grafana/google-sheets-datasource	>=0.9.0<1.2.2	1.2.2
	>=0.9.0<=1.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-4457?
CVE-2023-4457 is an information disclosure vulnerability in the Google Sheets data source plugin for Grafana.
What is Grafana?
Grafana is an open-source platform for monitoring and observability.
What is the severity of CVE-2023-4457?
The severity of CVE-2023-4457 is high with a CVSS score of 7.5.
How does CVE-2023-4457 affect Grafana?
CVE-2023-4457 affects Grafana through the Google Sheets data source plugin.
How can CVE-2023-4457 be fixed?
To fix CVE-2023-4457, users should upgrade their Google Sheets data source plugin for Grafana to version 1.2.3 or above.

collector/nvd-index
collector/github-advisory
alias/GHSA-37x5-qpm8-53rq
alias/CVE-2023-4457
agent/type
collector/github-advisory-latest
source/GitHub
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/author
agent/description
collector/nvd-cve
source/NVD
collector/mitre-cve
source/MITRE
agent/first-publish-date
collector/nvd-api
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
agent/trending
vendor/grafana
canonical/grafana google sheets
version/grafana google sheets/0.9.0
version/grafana google sheets/1.2.2
package-manager/go

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.