Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability.
The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.
The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.
This vulnerability was fixed in version 1.2.2.
Permalink: https://github.com/advisories/GHSA-37x5-qpm8-53rqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 6 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Identifiers: GHSA-37x5-qpm8-53rq, CVE-2023-4457
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4457
- https://grafana.com/security/security-advisories/cve-2023-4457/
- https://github.com/advisories/GHSA-37x5-qpm8-53rq
Affected Packages
go:github.com/grafana/google-sheets-datasource
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 0.9.0, < 1.2.2
Fixed in: 1.2.2
All affected versions: 0.9.0, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.2.0
All unaffected versions: 0.1.0, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7