The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`.
If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Thu, 19 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | |
Title | Information Leakage in grafana-plugin-sdk-go | |
Weaknesses | CWE-522 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GRAFANA
Published: 2024-09-19T10:57:01.035Z
Updated: 2024-09-19T13:38:02.412Z
Reserved: 2024-09-18T21:30:03.876Z
Link: CVE-2024-8986
Vulnrichment
Updated: 2024-09-19T13:37:59.017Z
NVD
Status : Awaiting Analysis
Published: 2024-09-19T11:15:10.913
Modified: 2024-09-20T12:30:17.483
Link: CVE-2024-8986
Redhat