Security Advisories

CVE-2022-23498

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2022-23498

Severity

8.8

High

CVSS V3

Description

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafana_session. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.

References

https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-23498

Severity

Description

References

Affected packages

Product

Why Chainguard

Why Chainguard

Customers

Customers

Company

Company

Resources

Resources