Grafana -- Exposure of sensitive information to an unauthorized actor
Grafana Labs reports:
When setting up Grafana, there is an option to enable
JWT authentication. Enabling this will allow users to authenticate towards
the Grafana instance with a special header (default
In Grafana, there is an additional way to authenticate using JWT called
URL login where the token is passed as a query parameter.
When using this option, a JWT token is passed to the data source as a header,
which leads to exposure of sensitive information to an unauthorized party.
The CVSS score for this vulnerability is 4.2 Medium.
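To find instances that have the URL login feature from the report switched on, the following added example (not part of the advisory or of Grafana's own code) audits a `grafana.ini` for it. It assumes Grafana's documented `[auth.jwt]` keys `enabled` and `url_login` and the `GF_<SECTION>_<KEY>` environment override convention; the sample config and the function names are constructed for illustration.

```python
import configparser

# Constructed sample config for illustration; not taken from the advisory.
SAMPLE_INI = """\
app_mode = production

[auth.jwt]
enabled = true
;header_name = X-Example-Header
url_login = true
"""

# Approximation of the boolean spellings Grafana's ini parser accepts (assumption).
TRUTHY = {"1", "t", "true", "y", "yes", "on"}


def effective_setting(cfg, env, section, key, default="false"):
    """Return the value Grafana would use: environment override first, then the file."""
    env_name = "GF_" + section.replace(".", "_").upper() + "_" + key.upper()
    if env_name in env:
        return env[env_name]
    return cfg.get(section, key, fallback=default)


def audit_jwt_url_login(ini_text, env=None):
    """Report whether JWT auth and JWT URL login are both active for this config."""
    env = env or {}
    # interpolation=None: values may contain '%'; strict=False: tolerate duplicates.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # grafana.ini allows keys before the first section header; configparser
    # does not, so park them under a dummy section.
    cfg.read_string("[__root__]\n" + ini_text)

    def is_on(key):
        value = effective_setting(cfg, env, "auth.jwt", key)
        return value.strip().lower() in TRUTHY

    jwt_enabled = is_on("enabled")
    url_login = is_on("url_login")
    return {
        "jwt_enabled": jwt_enabled,
        "url_login": url_login,
        # Only relevant when both switches are on.
        "url_login_active": jwt_enabled and url_login,
    }


if __name__ == "__main__":
    print(audit_jwt_url_login(SAMPLE_INI))
```

Pass the process environment of the Grafana service as `env` (for example `dict(os.environ)` when run in the same container), since an override there takes precedence over the file.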
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright