Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-8986

Sept. 20, 2024, 12:30 p.m.

Tags

CWE-522
security@grafana.com
2024-09-19
CVE-2024-8986

Product(s) Impacted

Grafana

Description

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.

Weaknesses

CWE-522
Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE ID: 522

Date

Published: Sept. 19, 2024, 11:15 a.m.

Last Modified: Sept. 20, 2024, 12:30 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@grafana.com

References

https://grafana.com/ security@grafana.com