Published: 26/04/2023 Updated: 09/06/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grafana grafana

Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...

Synopsis Important: new container image: rhceph-53 Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 53 is now available inthe Red Hat Ecosystem CatalogRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...

NVD-CWE-noinfo https://grafana.com/security/security-advisories/cve-2023-1387/https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j https://security.netapp.com/advisory/ntap-20230609-0003/https://access.redhat.com/errata/RHSA-2023:7741 https://nvd.nist.gov

CVE-2023-1387

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect