Vulnerability Details : CVE-2023-4457
Grafana is an open-source platform for monitoring and observability.
Versions 0.9.0 to 1.2.2 of the Google Sheets data source plugin for Grafana are vulnerable to information disclosure.
The plugin did not properly sanitize error messages, so an error could expose the Google Sheet API key that is configured for the data source.
This vulnerability was fixed in version 1.2.2.
Vulnerability category: Information leak
Products affected by CVE-2023-4457
- Grafana » Google Sheets » For Grafana. Versions from, including, (>=) 0.9.0 and up to, including, (<=) 1.2.2. CPE: cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4457
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 50 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-4457
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N | 2.3 | 2.7 | Grafana Labs | |
CWE ids for CVE-2023-4457
- The product generates an error message that includes sensitive information about its environment, users, or associated data. Assigned by:
  - nvd@nist.gov (Primary)
  - security@grafana.com (Secondary)
References for CVE-2023-4457
- https://grafana.com/security/security-advisories/cve-2023-4457/ (Vendor Advisory): Google Sheets data source plugin - API key leaks in error messages | Grafana Labs