Description
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
Remediation
References