vulnerability
FreeBSD: VID-6f6c9420-6297-11ed-9ca2-6c3be5272acd (CVE-2022-31130): Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Nov 12, 2022 | Nov 13, 2022 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Nov 12, 2022
Added
Nov 13, 2022
Modified
Dec 10, 2025
Description
Grafana Labs reports: On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens but under some conditions. We believe that this vulnerability is rated at CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.