Description
Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass of plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.
Remediation
References
Related Vulnerabilities
JBoss EAP Observable Discrepancy Vulnerability (CVE-2022-3143)
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)
WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)
WordPress Plugin WP Banners Lite Cross-Site Scripting (1.40)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.5)