Description

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

Remediation

References

CVE-2022-31123

Related Vulnerabilities

Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)

PHP Other Vulnerability (CVE-2015-4116)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20417)

WordPress Plugin Booster Elite for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2005-3357)

Severity

High

Classification

CVE-2022-31123 CWE-347 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities