The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
History

Thu, 19 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate


Thu, 19 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
Description The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
Title Information Leakage in grafana-plugin-sdk-go
Weaknesses CWE-522
References
Metrics cvssV4_0

{'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GRAFANA

Published: 2024-09-19T10:57:01.035Z

Updated: 2024-09-19T13:38:02.412Z

Reserved: 2024-09-18T21:30:03.876Z

Link: CVE-2024-8986

cve-icon Vulnrichment

Updated: 2024-09-19T13:37:59.017Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-19T11:15:10.913

Modified: 2024-09-20T12:30:17.483

Link: CVE-2024-8986

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-19T11:15:10Z

Links: CVE-2024-8986 - Bugzilla