DescriptionA flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user’s session.A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including grafana_session. As a result, any user that queries a data source where the caching is enabled can acquire another user’s session.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.