Grafana Plugin SDK Includes Build Metadata and Credentials in Binaries
CVE-2024-8986

Currently unrated

Key Information:

Vendor
Grafana-plugin-sdk-go
Status
Grafana Plugin Sdk
Vendor
CVE Published: 19 September 2024

Summary

The Grafana Plugin SDK has a vulnerability that allows sensitive information to be embedded in compiled binaries during the build process. When developers use repository URIs containing credentials for private dependencies, this information can be inadvertently included in the final product. This exposure poses a significant risk, as attackers could potentially exploit these credentials to gain unauthorized access to repositories or other resources.
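A check for the exposure described above, as an added example (not code from the Grafana Plugin SDK or from this advisory): it scans a built plugin binary for URIs that carry userinfo and reports them with the credential redacted. The pattern, the function name FindCredentialURIs, and the sample bytes with their host and credentials are assumptions constructed for illustration; the sample does not reproduce the SDK's actual metadata layout.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"regexp"
)

// scheme://userinfo@host[:port][/path]; ASCII-only classes so binary noise is not matched.
var uriWithUserinfo = regexp.MustCompile(`[A-Za-z][A-Za-z0-9+.-]*://[A-Za-z0-9._~%!$&*+,;=:-]+@[A-Za-z0-9.-]+(?::[0-9]+)?(?:/[A-Za-z0-9._~%/-]*)?`)

// Constructed sample bytes (not real SDK output; host and credentials are made up).
var constructedSample = []byte("\x00\x01dep\thttps://builduser:s3cr3t@git.example.invalid/org/private-lib.git\x00\xff https://grafana.com/docs/\x00")

// FindCredentialURIs lists distinct userinfo-bearing URIs in data, userinfo redacted.
func FindCredentialURIs(data []byte) []string {
	var hits []string
	seen := map[string]bool{}
	for _, m := range uriWithUserinfo.FindAll(data, -1) {
		u, err := url.Parse(string(m))
		if err != nil || u.User == nil {
			continue
		}
		u.User = url.User("REDACTED") // tokens often sit in the username slot too
		if s := u.String(); !seen[s] {
			seen[s] = true
			hits = append(hits, s)
		}
	}
	return hits
}

func main() {
	data := constructedSample
	if len(os.Args) > 1 { // path to a built plugin binary
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
	}
	hits := FindCredentialURIs(data)
	for _, h := range hits {
		fmt.Println("embedded URI with credentials:", h)
	}
	if len(hits) > 0 {
		os.Exit(1) // non-zero exit so a CI step fails
	}
}
```

Any credential found this way should be treated as disclosed and rotated, since it has already shipped in the binary.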

Affected Version(s)

Grafana Plugin SDK 0.106.0 <= 0.249.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved
