{"vulnerability": "CVE-2022-26148", "sightings": [{"uuid": "a3f9f506-49bd-46ee-b7b9-77ba57b1e7f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26148", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/doyensec/detectors/grafana_zabbix_credential_disclosure", "content": "", "creation_timestamp": "2024-12-21T17:46:08.000000Z"}, {"uuid": "0f36c173-cdb2-4c9e-94f9-68efcd91a6cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26148", "type": "seen", "source": "https://t.me/cibsecurity/39343", "content": "\u203c CVE-2022-26148 \u203c\n\nAn issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-22T15:21:45.000000Z"}]}