PT-2022-7311 · Grafana+5 · Grafana+5

Published 2022-10-13 · Updated 2025-09-29 · CVE-2022-31123

CVSS v4.0: 8.4 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Grafana versions prior to 9.1.8
Grafana versions prior to 8.5.14

Description

The issue is related to a bypass in the plugin signature verification of the Grafana platform. This could allow a remote attacker to install malicious software on a vulnerable device by convincing a server admin to download and run a malicious plugin, even if unsigned plugins are not allowed.

Recommendations

For versions prior to 9.1.8, update to version 9.1.8 or later to resolve the issue.
For versions prior to 8.5.14, update to version 8.5.14 or later to resolve the issue.
As a temporary workaround, do not install plugins downloaded from untrusted sources.

Exploit

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

ALSA-2023:6420
ALSA-2025_16880
ALT-PU-2022-3295
ALT-PU-2023-1161
ALT-PU-2023-4567
BDU:2024-02621
BIT-GRAFANA-2022-31123
CVE-2022-31123
GHSA-RHXJ-GH46-JVW8
GO-2024-2855
OESA-2025-1186
OESA-2025-1187
OESA-2025-1188
OESA-2025-1189
OPENSUSE-SU-2023_0353-1
OPENSUSE-SU-2023_0362-1
OPENSUSE-SU-2024:12508-1
RHSA-2023:6420
RHSA-2023_6420
SUSE-SU-2023:0352-1
SUSE-SU-2023:0353-1
SUSE-SU-2023:0362-1
SUSE-SU-2023_0362-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1

Affected Products

ALT Linux
AlmaLinux
Grafana
Red Hat
RED OS
SUSE