Products
Grafana
Source
security@grafana.com
Tags
CVE-2024-8986 details
Published : Sept. 19, 2024, 11:15 a.m.
Last Modified : Sept. 19, 2024, 11:15 a.m.
Last Modified : Sept. 19, 2024, 11:15 a.m.
Description
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-522 | Insufficiently Protected Credentials | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
References
| URL | Source |
|---|---|
| https://grafana.com/security/security-advisories/cve-2024-8986/ | security@grafana.com |
This website uses the NVD API, but is not approved or certified by it.