FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Public dashboards discloses all direct mode datasources

Affected packages
9.3.0 <= grafana < 11.6.14
12.0.0 <= grafana < 12.1.10
12.2.0 <= grafana < 12.2.8
12.3.0 <= grafana < 12.3.6
12.4.0 <= grafana < 12.4.2

Details

VuXML ID 6b2bf8e9-5900-11f1-b525-3c7c3fba4204
Discovery 2026-03-27
Entry 2026-05-26

https://grafana.com/security/security-advisories/cve-2026-27877 reports:

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

[source]

References

CVE Name CVE-2026-27877
URL https://cveawg.mitre.org/api/cve/CVE-2026-27877

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.