GHSA-37x5-qpm8-53rq

Source
https://github.com/advisories/GHSA-37x5-qpm8-53rq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-37x5-qpm8-53rq/GHSA-37x5-qpm8-53rq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-37x5-qpm8-53rq
Aliases
Published
2023-10-16T12:33:36Z
Modified
2024-05-20T21:57:06Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
Google Sheets data source plugin for Grafana information disclosure vulnerability
Details

Grafana is an open-source platform for monitoring and observability.

Versions 0.9.0 to 1.2.2 of the Google Sheets data source plugin for Grafana are vulnerable to an information disclosure vulnerability.

The plugin did not properly sanitize error messages, so an error message could expose the Google Sheets API key that is configured for the data source.

This vulnerability was fixed in version 1.2.2.

Database specific
{
    "nvd_published_at": "2023-10-16T10:15:12Z",
    "cwe_ids": [
        "CWE-209"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-20T23:27:36Z"
}
References

Affected packages

Go / github.com/grafana/google-sheets-datasource

Package

Name
github.com/grafana/google-sheets-datasource
Purl
pkg:golang/github.com/grafana/google-sheets-datasource

Affected ranges

Type
SEMVER
Events
Introduced
0.9.0
Fixed
1.2.2