Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana Labs reports:
On September 7th as a result of an internal security audit we have discovered
that Grafana could leak the authentication cookie of users to plugins. After
further analysis the vulnerability impacts data source and plugin proxy
endpoints under certain conditions.
We believe that this vulnerability is rated at CVSS 6.8
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright