REDHAT-BUG-2131148
First published: Fri Sep 30 2022(Updated: )
CVE-2022-39201: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Affected versions: Grafana <= 9.1.x
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grafana Image Renderer | <=9.1.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2131148?
The severity of REDHAT-BUG-2131148 is classified as high due to the potential leakage of authentication cookies.
How do I fix REDHAT-BUG-2131148?
To fix REDHAT-BUG-2131148, upgrade Grafana to version 9.2.0 or later to mitigate the vulnerability.
Which versions of Grafana are affected by REDHAT-BUG-2131148?
Grafana versions up to and including 9.1.x are affected by REDHAT-BUG-2131148.
What is the impact of REDHAT-BUG-2131148?
The impact of REDHAT-BUG-2131148 is the potential exposure of user authentication cookies to unauthorized plugins.
Is there a workaround for REDHAT-BUG-2131148?
No official workaround is provided for REDHAT-BUG-2131148; upgrading to a secure version is recommended.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-39201
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/grafana labs
- canonical/grafana image renderer