FreeBSD: VID-5e257b0d-e466-11ed-834b-6c3be5272acd (CVE-2023-1387): Grafana -- Exposure of sensitive information to an unauthorized actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:M/C:C/I:N/A:N) | Apr 26, 2023 | Apr 27, 2023 | Dec 10, 2025 |
Description
Grafana Labs reports: When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header (default X-JWT-Assertion). In Grafana, there is an additional way to authenticate using JWT called URL login where the token is passed as a query parameter. When using this option, a JWT token is passed to the data source as a header, which leads to exposure of sensitive information to an unauthorized party. The CVSS score for this vulnerability is 4.2 Medium.
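To find instances where the combination described above (JWT authentication with URL login) is switched on, the following added example audits a `grafana.ini`; it is not code from Grafana Labs or this advisory. It assumes the `[auth.jwt]` keys `enabled` and `url_login` and the `GF_AUTH_JWT_*` environment overrides from Grafana's configuration, and the sample file is constructed.

```python
import configparser

# Constructed sample grafana.ini (not from the advisory).
SAMPLE_INI = """\
app_mode = production

[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
; token accepted as a query parameter ("URL login")
url_login = true
"""

TRUE_VALUES = {"1", "t", "true", "y", "yes", "on"}


def audit_jwt_url_login(ini_text, env=None):
    """Report whether JWT auth and URL login are both active.

    env holds GF_AUTH_JWT_* overrides, which take precedence over the file.
    """
    env = env or {}
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       comment_prefixes=(";", "#"))
    # grafana.ini may have keys before the first section header.
    parser.read_string("[__top__]\n" + ini_text)
    section = parser["auth.jwt"] if parser.has_section("auth.jwt") else {}

    def flag(key):
        raw = env.get("GF_AUTH_JWT_" + key.upper(), section.get(key, "false"))
        return raw.strip().lower() in TRUE_VALUES

    enabled, url_login = flag("enabled"), flag("url_login")
    # "review" marks the configuration the advisory is about.
    return {"jwt_enabled": enabled, "url_login": url_login,
            "review": enabled and url_login}


if __name__ == "__main__":
    print(audit_jwt_url_login(SAMPLE_INI))
```

A `review` result of true identifies hosts to prioritise for the package upgrade listed under Solutions.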
Solutions
freebsd-upgrade-package-grafana
freebsd-upgrade-package-grafana9