all InfoSec news
CVE-2023-1387 (grafana)
April 26, 2023, 2:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token.
By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
access authentication authentication token configuration cve data data sources default disabled grafana jwt monitoring observability parameter platform query search token url
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
7 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
7 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC