漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Grafana plugin signature bypass vulnerability
Vulnerability Description
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Grafana 数据伪造问题漏洞
Vulnerability Description
Grafana是Grafana Labs开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在数据伪造问题漏洞。攻击者利用该漏洞在Grafana上使用恶意数据,以欺骗受害者。
CVSS Information
N/A
Vulnerability Type
N/A