Description

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

Remediation

References

CVE-2022-31123

Related Vulnerabilities

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.6)

Sqlite Use After Free Vulnerability (CVE-2021-20227)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-12149)

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)

Severity

High

Classification

CVE-2022-31123 CWE-347 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities