CVE-2023-4457

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-209
View all →

Vulnerability Description

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.

Related Vulnerabilities

CVE-2015-10012

HIGH
CVSS:7.5(High)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the f...

CWE-2092015

CVE-2017-16629

HIGH
CVSS:7.5(High)

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an ...

CWE-2092017

CVE-2017-2594

HIGH
CVSS:7.5(High)

hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this ...

CWE-2092017

CVE-2017-2659

HIGH
CVSS:7.5(High)

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly cou...

CWE-2092017

CVE-2019-0404

HIGH
CVSS:7.5(High)

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

CWE-2092019

CVE-2019-12446

HIGH
CVSS:7.5(High)

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message.

CWE-2092019