Home > Vulnerability Database > CVE-2022-23498

Mend.io Vulnerability Database

CVE-2022-23498

Date: February 3, 2023

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including "grafana_session". As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.

Language: Go

Severity Score

7.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23498

Url: https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8

Url: https://access.redhat.com/security/cve/CVE-2022-23498

Url: https://security.netapp.com/advisory/ntap-20230309-0007/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-23498

Url: https://www.mend.io/vulnerability-database/CVE-2022-23498

Severity Score

7.1

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23498

Date: February 3, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?