PT-2023-8916 · Grafana+1 · Grafana Google Sheets Data Source Plugin+1
Published
2023-10-16
·
Updated
2024-04-03
·
CVE-2023-4457
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Grafana Google Sheets data source plugin versions 0.9.0 through 1.2.1
Description
The Google Sheets data source plugin for Grafana is vulnerable to an information disclosure issue due to improper sanitization of error messages. This could potentially expose the Google Sheet API-key configured for the data source.
Recommendations
For versions 0.9.0 through 1.2.1, update to version 1.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the Google Sheets data source plugin until the update is applied.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Grafana Google Sheets Data Source Plugin
Red Os