vulnerability
FreeBSD: VID-827b95ff-290e-11ed-a2e7-6c3be5272acd (CVE-2022-31176): Grafana -- Unauthorized file disclosure
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:P/A:C) | Sep 1, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:P/A:C)
Published
Sep 1, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.