Data Exposure Vulnerability in Grafana with Zabbix Integration
CVE-2022-26148

9.8CRITICAL

Key Information:

Vendor: Grafana
Status: Grafana
Vendor: CVE Published:; 21 March 2022

What is CVE-2022-26148?

A vulnerability in Grafana, when integrated with Zabbix, allows sensitive information to be exposed. The Zabbix password can be found embedded in the source code of api_jsonrpc.php. This can occur when a user logs in and enables user registration. By right-clicking to view the page source, malicious actors may search for the password, leading to unauthorized access to the Zabbix account and its associated URL. This highlights the importance of secure coding practices to prevent leaking sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://2k8.org/post-319.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220425-0005/

x_refsource_CONFIRM

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2022
Vulnerability Reserved
Feb 26, 2022

JSON

Grafana

What is CVE-2022-26148?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.