Marefrauthored

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 9.1.8 Grafana versions prior to 8.5.14 **Description** The issue is related to the transmission of authentication tokens to certain destination plugins in the Grafana platform, which could allow a remote attacker to disclose protected information. This affects data source and plugin proxy endpoints with authentication tokens, potentially allowing the destination plugin to receive a user's Grafana authentication token. **Recommendations** For versions prior to 9.1.8, update to version 9.1.8 or later to resolve the issue. For versions prior to 8.5.14, update to version 8.5.14 or later to resolve the issue. As a temporary workaround, consider avoiding the use of API keys, JWT authentication, or any HTTP Header based authentication until the issue is resolved.