PT-2023-1578 · Grafana+2 · Grafana+2

Vtorosyan

Publicado

2023-01-26

Atualizado

2025-09-29

CVE-2022-23498

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Grafana versions prior to 9.2.10 Grafana versions prior to 9.3.4

Description The issue is related to the caching of datasource queries in Grafana, which includes caching of the grafana session header. This allows any user querying a datasource with caching enabled to potentially acquire another user's session.

Recommendations For versions prior to 9.2.10, disable datasource query caching for all datasources as a mitigation measure. For versions prior to 9.3.4, disable datasource query caching for all datasources as a mitigation measure. As a temporary workaround, consider disabling the datasource query caching for all datasources until a patch is available.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2023-1132

ALT-PU-2023-4133

ALT-PU-2023-4346

BDU:2023-01071

BIT-GRAFANA-2022-23498

CVE-2022-23498

GHSA-2J8F-6WHH-FRC8

Produtos afetados

Alt Linux

Grafana

Red Os

PT-2023-1578 · Grafana+2 · Grafana+2

CVE-2022-23498

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13