CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:*

History

20 Oct 2023, 15:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:*
CWE CWE-209
References (MISC) https://grafana.com/security/security-advisories/cve-2023-4457/ - (MISC) https://grafana.com/security/security-advisories/cve-2023-4457/ - Vendor Advisory
First Time Grafana google Sheets
Grafana

16 Oct 2023, 11:58

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 10:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4457

Mitre link : CVE-2023-4457

CVE.ORG link : CVE-2023-4457


JSON object : View

Products Affected

grafana

  • google_sheets
CWE
CWE-209

Generation of Error Message Containing Sensitive Information