CVE-2023-1387

Summary

Grafana is an open-source platform for monitoring and observability.

Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token.

By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.

Affected Software

VendorProductVersion RangeStatus
GrafanaGrafana9.1.0 < 9.2.17affected
GrafanaGrafana9.3.0 < 9.3.13affected
GrafanaGrafana9.4.0 < 9.5.0affected
GrafanaGrafana Enterprise9.1.0 < 9.2.17affected
GrafanaGrafana Enterprise9.3.0 < 9.3.13affected
GrafanaGrafana Enterprise9.4.0 < 9.5.0affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References