Back to bug 2186322
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-04-12 21:06:46 UTC | CC | security-response-team | |
| Pedro Sampaio | 2023-04-12 21:07:10 UTC | Blocks | 2186323 | |
| Avinash Hanwate | 2023-04-17 08:52:31 UTC | Depends On | 2187246, 2187245, 2187247 | |
| | | Group | team ocp_embargoes | |
| Sandipan Roy | 2023-04-18 05:23:37 UTC | Depends On | 2187593, 2187592 | |
| Avinash Hanwate | 2023-05-11 06:12:54 UTC | Deadline | 2023-04-12 | |
| | | Group | security, qe_staff, team ocp_embargoes | |
| | | Doc Text | Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain JWT information, and use this information to launch further attacks against the affected system. | |
| | | Summary | EMBARGOED CVE-2023-1387 grafana: JWT token leak to data source | CVE-2023-1387 grafana: JWT token leak to data source |
| | | CC | grafana-maint | |
| Avinash Hanwate | 2023-05-11 06:15:03 UTC | Doc Text | Grafana could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain JWT information, and use this information to launch further attacks against the affected system. | Grafana could allow a remote, authenticated attacker to obtain sensitive information, caused by a flaw when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain JWT information, and use this information to launch further attacks against the affected system. |
| Avinash Hanwate | 2023-05-11 06:15:40 UTC | Depends On | 2203041 | |
| RaTasha Tillery-Smith | 2023-05-11 11:46:08 UTC | Doc Text | Grafana could allow a remote, authenticated attacker to obtain sensitive information, caused by a flaw when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain JWT information, and use this information to launch further attacks against the affected system. | A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attacks against the affected system. |
| Red Hat Bugzilla | 2023-07-07 08:34:42 UTC | CC | security-response-team | |
| | | Assignee | security-response-team | nobody |