Search criteria
2 vulnerabilities found for google-sheets-datasource by Grafana
CVE-2023-4457 (GCVE-0-2023-4457)
Vulnerability from cvelistv5 – Published: 2023-10-16 09:45 – Updated: 2024-09-16 16:38
VLAI?
Summary
Grafana is an open-source platform for monitoring and observability.
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.
The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.
This vulnerability was fixed in version 1.2.2.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grafana | google-sheets-datasource |
Affected:
0.9.0 , < 1.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-4457/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:38:40.112208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:38:55.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "google-sheets-datasource",
"vendor": "Grafana",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability.\u003c/p\u003e\u003cp\u003eThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\u003c/p\u003e\u003cp\u003eThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\u003c/p\u003e\u003cp\u003eThis vulnerability was fixed in version 1.2.2.\u003c/p\u003e"
}
],
"value": "Grafana is an open-source platform for monitoring and observability.\n\nThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\n\nThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\n\nThis vulnerability was fixed in version 1.2.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T09:45:46.131Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-4457/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2023-4457",
"datePublished": "2023-10-16T09:45:46.131Z",
"dateReserved": "2023-08-21T12:55:38.286Z",
"dateUpdated": "2024-09-16T16:38:55.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4457 (GCVE-0-2023-4457)
Vulnerability from nvd – Published: 2023-10-16 09:45 – Updated: 2024-09-16 16:38
VLAI?
Summary
Grafana is an open-source platform for monitoring and observability.
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.
The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.
This vulnerability was fixed in version 1.2.2.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grafana | google-sheets-datasource |
Affected:
0.9.0 , < 1.2.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-4457/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T16:38:40.112208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:38:55.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "google-sheets-datasource",
"vendor": "Grafana",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability.\u003c/p\u003e\u003cp\u003eThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\u003c/p\u003e\u003cp\u003eThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\u003c/p\u003e\u003cp\u003eThis vulnerability was fixed in version 1.2.2.\u003c/p\u003e"
}
],
"value": "Grafana is an open-source platform for monitoring and observability.\n\nThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\n\nThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\n\nThis vulnerability was fixed in version 1.2.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T09:45:46.131Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-4457/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2023-4457",
"datePublished": "2023-10-16T09:45:46.131Z",
"dateReserved": "2023-08-21T12:55:38.286Z",
"dateUpdated": "2024-09-16T16:38:55.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}