Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14eHh3LTNqNmgtcTdoNs4AA_sL
Grafana plugin SDK Information Leakage
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin.
If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
Permalink: https://github.com/advisories/GHSA-xxxw-3j6h-q7h6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14eHh3LTNqNmgtcTdoNs4AA_sL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-xxxw-3j6h-q7h6, CVE-2024-8986
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8986
- https://grafana.com/security/security-advisories/cve-2024-8986
- https://github.com/grafana/grafana-plugin-sdk-go/commit/aaa26d1bebaaf6160c37d3f1226a750eab70ca41
- https://github.com/advisories/GHSA-xxxw-3j6h-q7h6
Blast Radius: 15.9
Affected Packages
go:github.com/grafana/grafana-plugin-sdk-go
Dependent packages: 153Dependent repositories: 498
Downloads:
Affected Version Ranges: <= 0.249.0
Fixed in: 0.250.0
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.44.0, 0.45.0, 0.46.0, 0.47.0, 0.48.0, 0.49.0, 0.50.0, 0.51.0, 0.52.0, 0.53.0, 0.54.0, 0.55.0, 0.56.0, 0.57.0, 0.58.0, 0.59.0, 0.60.0, 0.61.0, 0.62.0, 0.63.0, 0.64.0, 0.65.0, 0.66.0, 0.67.0, 0.68.0, 0.69.0, 0.70.0, 0.71.0, 0.72.0, 0.73.0, 0.74.0, 0.75.0, 0.76.0, 0.77.0, 0.78.0, 0.79.0, 0.80.0, 0.81.0, 0.82.0, 0.83.0, 0.84.0, 0.85.0, 0.86.0, 0.87.0, 0.88.0, 0.89.0, 0.90.0, 0.91.0, 0.92.0, 0.93.0, 0.94.0, 0.95.0, 0.96.0, 0.97.0, 0.98.0, 0.98.1, 0.99.0, 0.100.0, 0.101.0, 0.102.0, 0.103.0, 0.104.0, 0.105.0, 0.106.0, 0.107.0, 0.108.0, 0.109.0, 0.110.0, 0.111.0, 0.112.0, 0.113.0, 0.114.0, 0.114.1, 0.115.0, 0.116.0, 0.117.0, 0.118.0, 0.119.0, 0.120.0, 0.121.0, 0.122.0, 0.123.0, 0.124.0, 0.125.0, 0.125.1, 0.126.0, 0.127.0, 0.128.0, 0.129.0, 0.130.0, 0.131.0, 0.132.0, 0.133.0, 0.134.0, 0.135.0, 0.136.0, 0.137.0, 0.138.0, 0.139.0, 0.140.0, 0.141.0, 0.142.0, 0.143.0, 0.144.0, 0.145.0, 0.146.0, 0.147.0, 0.148.0, 0.149.0, 0.149.1, 0.150.0, 0.151.0, 0.152.0, 0.153.0, 0.154.0, 0.155.0, 0.156.0, 0.157.0, 0.158.0, 0.159.0, 0.160.0, 0.161.0, 0.162.0, 0.163.0, 0.164.0, 0.165.0, 0.166.0, 0.167.0, 0.168.0, 0.169.0, 0.170.0, 0.171.0, 0.172.0, 0.173.0, 0.174.0, 0.175.0, 0.176.0, 0.177.0, 0.178.0, 0.179.0, 0.180.0, 0.181.0, 0.182.0, 0.183.0, 0.184.0, 0.185.0, 0.186.0, 0.187.0, 0.188.0, 0.188.1, 0.188.2, 0.188.3, 0.188.4, 0.189.0, 0.190.0, 0.191.0, 0.192.0, 0.193.0, 0.194.0, 0.195.0, 0.196.0, 0.197.0, 0.198.0, 0.199.0, 0.200.0, 0.201.0, 0.202.0, 0.203.0, 0.204.0, 0.205.0, 0.206.0, 0.207.0, 0.208.0, 0.209.0, 0.210.0, 0.211.0, 0.212.0, 0.213.0, 0.214.0, 0.215.0, 0.216.0, 0.217.0, 0.218.0, 0.219.0, 0.220.0, 0.221.0, 0.222.0, 0.223.0, 0.224.0, 0.225.0, 0.226.0, 0.227.0, 0.228.0, 0.229.0, 0.230.0, 0.231.0, 0.232.0, 0.233.0, 0.234.0, 0.235.0, 0.236.0, 0.237.0, 0.238.0, 0.239.0, 0.240.0, 0.241.0, 0.242.0, 0.243.0, 0.244.0, 0.245.0, 0.246.0, 0.247.0, 0.248.0, 0.249.0
All unaffected versions: 0.250.0, 0.250.1, 0.250.2, 0.251.0, 0.252.0, 0.253.0, 0.254.0, 0.255.0