PT-2023-1578 · Grafana+2

Vtorosyan · Published 2023-01-26 · Updated 2025-09-29 · CVE-2022-23498

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Grafana versions prior to 9.2.10
Grafana versions prior to 9.3.4

Description

The issue is related to the caching of datasource queries in Grafana, which includes caching of the Grafana session header. This allows any user querying a datasource with caching enabled to potentially acquire another user's session.

Recommendations

For versions prior to 9.2.10, disable datasource query caching for all datasources as a mitigation measure. For versions prior to 9.3.4, disable datasource query caching for all datasources as a mitigation measure. As a temporary workaround, consider disabling the datasource query caching for all datasources until a patch is available.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-1132
ALT-PU-2023-4133
ALT-PU-2023-4346
BDU:2023-01071
BIT-GRAFANA-2022-23498
CVE-2022-23498
GHSA-2J8F-6WHH-FRC8

Affected Products

Alt Linux
Grafana
Red Os