vulnerability

FreeBSD: VID-827B95FF-290E-11ED-A2E7-6C3BE5272ACD (CVE-2022-31176): Grafana -- Unauthorized file disclosure

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:N/A:C)	2022-07-21	2022-11-04	2025-01-28

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:C)

Published

2022-07-21

Added

2022-11-04

Modified

2025-01-28

Description

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).

Solution(s)

freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana7freebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9

References

NVD-CVE-2022-31176

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today