Published: 03/02/2023 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grafana grafana
grafana grafana 8.3.0

Synopsis Important: new container image: rhceph-53 Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 53 is now available inthe Red Hat Ecosystem CatalogRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...

DescriptionA flaw was found in the Grafana package When data-source query caching is enabled, Grafana caches all headers, including `grafana_session` As a result, any user that queries a data source where the caching is enabled can acquire another user’s sessionA flaw was found in the Grafana package When data-source query caching is e ...

Hitachi Infrastructure Analytics Advisor contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533, CVE-2022-1471, CVE-2023-1370, CVE-2023-26048, CVE-2023-26049 Hitachi Ops Center Analyzer viewpoi ...

NVD-CWE-Other https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8 https://access.redhat.com/errata/RHSA-2024:0746 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-23498

CVE-2022-23498

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect