BIT-grafana-2022-26148
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2022-26148.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-grafana-2022-26148
- Aliases
- Published
- 2024-03-06T10:57:18.267Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in apijsonrpc.php to discover the Zabbix account password and URL address.
- Database specific
{ "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*" ], "severity": "Critical" }- References
Affected packages
Bitnami / grafana
Package
- Name
- grafana
- Purl
- pkg:bitnami/grafana
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator