漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Vulnerability Description
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Grafana 信息泄露漏洞
Vulnerability Description
Grafana是Grafana Labs开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana v5.0.0-beta1及之后版本存在信息泄露漏洞,该漏洞源于能会将用户的身份验证 cookie 泄露给插件,攻击者利用该漏洞可以接收用户的 Grafana 身份验证 cookie。
CVSS Information
N/A
Vulnerability Type
N/A