Grafana is an open-source platform for monitoring and observability.
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.
The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.
This vulnerability was fixed in version 1.2.2.
References
Link | Resource |
---|---|
https://grafana.com/security/security-advisories/cve-2023-4457/ | Vendor Advisory |
Configurations
History
20 Oct 2023, 15:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Grafana google Sheets
Grafana |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:* | |
CWE | CWE-209 | |
References | (MISC) https://grafana.com/security/security-advisories/cve-2023-4457/ - Vendor Advisory |
16 Oct 2023, 11:58
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4457
Mitre link : CVE-2023-4457
CVE.ORG link : CVE-2023-4457
JSON object : View
Products Affected
grafana
- google_sheets
CWE
CWE-209
Generation of Error Message Containing Sensitive Information