Summary:
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
Severity: Low
Advisory ID: KylinSec-SA-2022-1401
Release date: April 29, 2022
Related CVE: CVE-2022-26148
CVE | Product | Component | Affected |
---|---|---|---|
CVE-2022-26148 | KY3.4-4A | grafana | Unaffected |
CVE-2022-26148 | KY3.4-5 | grafana | Unaffected |
CVE-2022-26148 | KY3.5.1 | grafana | Unaffected |