CVE-2022-39201
published 2022-10-13


Priority: P3 (44)
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.23% (65.1st percentile)
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.

Affected

8 ranges

Vendor      Product          Version range                 Fixed in
github.com  grafana_grafana  >= 5.0.0-beta1 < 8.5.14       8.5.14
github.com  grafana_grafana  >= 5.0.0-beta1+incompatible   -
github.com  grafana_grafana  >= 9.0.0 < 9.1.8              9.1.8
grafana     grafana          -                             -
grafana     grafana          -                             -
grafana     grafana          -                             -
grafana     grafana          >= 5.0.1 < 8.5.14             8.5.14
grafana     grafana          >= 9.0.0 < 9.1.8              9.1.8

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            3.1           7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa           -             7.5    HIGH      -
osv            -             7.5    HIGH      -
vendor_redhat  -             6.8    MEDIUM    -