酷帥王子

**Name of the Vulnerable Software and Affected Versions** Grafana versions through 7.3.4 **Description** An issue was discovered in Grafana when integrated with Zabbix, allowing the Zabbix password to be found in the "api jsonrpc.php" HTML source code. When a user logs in and is allowed to register, one can right-click to view the source code and use Ctrl-F to search for the password in "api jsonrpc.php" to discover the Zabbix account password and URL address. **Recommendations** For versions through 7.3.4, consider restricting access to the "api jsonrpc.php" file to minimize the risk of exploitation. As a temporary workaround, restrict the ability for users to view the source code of "api jsonrpc.php" until a patch is available.