CVE-2022-31130: Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins A security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens, as a result the destination plugin could receive a Grafana authentication token of the user. Affected versions: Grafana <= 9.1.x
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2134707]
This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6420 https://access.redhat.com/errata/RHSA-2023:6420