2452293 – (CVE-2026-27877) CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwords via public dashboards

Bug 2452293 (CVE-2026-27877) - CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwords via public dashboards

Summary: CVE-2026-27877 grafana: Grafana: Information disclosure of data-source passwo...

Keywords:
Status:	NEW
Alias:	CVE-2026-27877
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2452446
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-27 15:03 UTC by OSIDB Bzimport
Modified:	2026-03-27 20:52 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-27 15:03:57 UTC

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards.

No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.

Note You need to log in before you can comment on or make changes to this bug.