vulnerability
FreeBSD: VID-827b95ff-290e-11ed-a2e7-6c3be5272acd (CVE-2022-31176): Grafana -- Unauthorized file disclosure
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:P/A:C) | Sep 1, 2022 | Nov 4, 2022 | Mar 25, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:P/A:C)
Published
Sep 1, 2022
Added
Nov 4, 2022
Modified
Mar 25, 2026
Description
Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.