Upstream information
Description
The Grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.
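As an added illustration (not the SDK's code and not the upstream fix), the following Go sketch shows a build-time check that strips userinfo from the output of `git remote get-url origin` before it is embedded as metadata and reports whether a secret was present. The function name `RedactRemote`, the host names and the credentials are constructed for the example; treating a lone username on a non-SSH URL as a token is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// RedactRemote (hypothetical helper) takes the output of
// `git remote get-url origin` and returns it with any userinfo removed,
// plus a flag saying whether that userinfo looked like a secret.
func RedactRemote(remote string) (clean string, hadSecret bool, err error) {
	remote = strings.TrimSpace(remote)
	// scp-like syntax (git@host:org/repo.git) has no scheme and no password
	// field, so it is passed through unchanged.
	if !strings.Contains(remote, "://") {
		return remote, false, nil
	}
	u, perr := url.Parse(remote)
	if perr != nil {
		// Do not wrap perr: its message echoes the raw URL, secret included.
		return "", false, errors.New("unparseable remote URL")
	}
	if u.User != nil {
		_, hasPassword := u.User.Password()
		// Assumption: a lone username on a non-SSH URL is a token
		// (https://TOKEN@host/...); ssh://git@host is a plain login name.
		hadSecret = hasPassword || (u.Scheme != "ssh" && u.User.Username() != "")
		u.User = nil // metadata never needs userinfo
	}
	return u.String(), hadSecret, nil
}

func main() {
	// Constructed sample remotes; none of these are real credentials.
	samples := []string{
		"https://build-bot:CONSTRUCTED-PASSWORD@git.example.com/acme/plugin.git\n",
		"https://CONSTRUCTEDTOKEN@git.example.com/acme/plugin.git",
		"ssh://git@git.example.com/acme/plugin.git",
		"git@git.example.com:acme/plugin.git",
	}
	for _, s := range samples {
		clean, secret, err := RedactRemote(s)
		fmt.Printf("embed=%q secret=%v err=%v\n", clean, secret, err)
	}
}
```

A build pipeline could fail when the flag is true, or embed only the redacted value.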
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
CNA (Grafana Labs) | |
---|---|
Base Score | 9.1 |
Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:X |
Attack Vector | Network |
Attack Complexity | Low |
Attack Requirements | Present |
Privileges Required | None |
User Interaction | None |
Vulnerable System Confidentiality Impact | High |
Vulnerable System Integrity Impact | None |
Vulnerable System Availability Impact | None |
Subsequent System Confidentiality Impact | High |
Subsequent System Integrity Impact | High |
Subsequent System Availability Impact | High |
CVSSv4 Version | 4.0 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed | | Patchnames: openSUSE-Tumbleweed-2024-14515 |
SUSE Timeline for this CVE
CVE page created: Thu Sep 19 14:00:18 2024
CVE page last modified: Fri Nov 22 00:51:17 2024