Home > Vulnerability Database > CVE-2024-8986

Mend.io Vulnerability Database

CVE-2024-8986

Good to know:

Date: September 19, 2024

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running "git remote get-url origin". If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.

Language: Go

Severity Score

5.9

Related Resources (8)

Url: https://grafana.com/security/security-advisories/cve-2024-8986

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8986

Url: https://github.com/grafana/grafana-plugin-sdk-go/commit/aaa26d1bebaaf6160c37d3f1226a750eab70ca41

Url: https://grafana.com/security/security-advisories/cve-2024-8986/

Url: https://github.com/advisories/GHSA-xxxw-3j6h-q7h6

Url: https://github.com/grafana/grafana-plugin-sdk-go

Url: https://pkg.go.dev/vuln/GO-2024-3140

Url: https://www.mend.io/vulnerability-database/CVE-2024-8986

Severity Score

5.9

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version github.com/grafana/grafana-plugin-sdk-go - v0.250.0

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8986

Good to know:

Date: September 19, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?