An issue exists in Grafana up to and including 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
grafana grafana |
||
redhat ceph storage 3.0 |
||
redhat storage 3.0 |
||
redhat ceph storage 4.0 |
||
redhat ceph storage 5.0 |