VYPR
High severity · NVD Advisory · Published Oct 13, 2022 · Updated Apr 23, 2025

Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins

CVE-2022-39201

Description

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. The destination plugin could receive a user's Grafana authentication cookie. Versions 9.1.8 and 8.5.14 contain a patch for this issue. There are no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/grafana/grafana (Go) | >= 5.0.0-beta1, < 8.5.14 | 8.5.14
github.com/grafana/grafana (Go) | >= 9.0.0, < 9.1.8 | 9.1.8
