← back
CVE-2023-4457

CVE-2023-4457

CVSS 5.5 MEDIUMEPSS 0.4%CWE-209
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Affected products
Grafana · google-sheets-datasource

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://grafana.com/security/security-advisories/cve-2023-4457/