An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGrafana
APPGrafana≤ 7.3.4Red Hat Ceph Storage
APPRedhat3.04.05.0Red Hat Storage
APPRedhat3.0
Powiązane podatności
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated ...
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...
RCE w Grafana przez SQL Expressions i plugin Enterprise (CVE-2026-27876)
Grafana Enterprise: privilege escalation przez SCIM provisioning (LPE)
Grafana: command injection i local file inclusion przez SQL Expressions (duckdb)