vulnerability

Red Hat: CVE-2022-31130: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (Multiple Advisories)

Name: Red Hat: CVE-2022-31130: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (Multiple Advisories)
Creator: Red Hat
Published: 2022-10-13T00:00:00.000Z
Keywords: CVE, CWE-200, CWE-522, Red Hat, 2022, 31130, data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (Multiple Advisories), redhat-upgrade-grafana, redhat-upgrade-grafana-debuginfo, redhat-upgrade-grafana-debugsource, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Oct 13, 2022

Added

Nov 8, 2023

Modified

Mar 27, 2026

Description

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication.

Solutions

redhat-upgrade-grafanaredhat-upgrade-grafana-debuginforedhat-upgrade-grafana-debugsource

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report