Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-31176

Published: 02/09/2022 Updated: 24/07/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Grafana

Vulnerability Summary

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

grafana grafana-image-renderer

Github Repositories

https://github.com/grafana/grafana-image-renderer

A Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)

A Grafana backend plugin that handles rendering panels and dashboards to PNGs using a headless browser (Chromium) Requirements Supported operating systems Linux (x64) Windows (x64) Mac OS X (x64) Dependencies This plugin is packaged in a single executable with Nodejs runtime and Chromium browser This means that you don't need to have Nodejs and Chromium installed in

References

CWE-306https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5https://github.com/grafana/grafana-image-renderer/pull/364https://security.netapp.com/advisory/ntap-20221209-0004/https://nvd.nist.govhttps://github.com/grafana/grafana-image-renderer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook