CVE-2024-8986

Published: Sep 19, 2024

Modified: Sep 19, 2024

PUBLISHED

Description

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.

Vendor	Product	Versions
grafana-plugin-sdk-go	Grafana Plugin SDK	affected `0.106.0 - <= 0.249.0`

Weaknesses (CWE)

CWE-522

References

https://grafana.com/security/security-advisories/cve-2024-8986/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-8986

Description

Affected Products

Weaknesses (CWE)

References