Home > Vulnerability Database > CVE-2023-4457

Mend.io Vulnerability Database

CVE-2023-4457

Good to know:

Date: October 16, 2023

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.

Language: Go

Severity Score

5.5

Related Resources (5)

Url: https://grafana.com/security/security-advisories/cve-2023-4457

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4457

Url: https://grafana.com/security/security-advisories/cve-2023-4457/

Url: https://github.com/grafana/google-sheets-datasource

Url: https://www.mend.io/vulnerability-database/CVE-2023-4457

Severity Score

5.5

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

Upgrade Version

Upgrade to version v1.2.2

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4457

Good to know:

Date: October 16, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?