漏洞描述
当与Zabbix集成时,Grafana至7.3.4中发现了一个问题。Zabbix密码可以在api_jsonrpc中找到。phpHTML源代码。当用户登录并允许用户注册时,可以右键单击以查看源代码,并使用Ctrl-F在api_jsonrpc中搜索密码。php来发现Zabbix帐户密码和URL地址。
Grafana Zabbix集成密码泄露(CVE-2022-26148)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery POC
2025-09-01 | GrafanaGrafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, wh... -
CVE-2021-43798: Grafana v8.x Arbitrary File Read POC
2025-09-01 | GrafanaGrafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing a... -
CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure POC
2025-09-01 | Grafana & ZabbixGrafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. ... -
Webmin /package-updates/update.cgi 命令执行漏洞(CVE-2022-36446) 无POC
2025-09-05 | WebminWebmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.997之前的版本存在安全漏洞,该漏洞源于其software/apt-lib.pl组件缺少对U... -
CVE-2022-0342: Zyxel authentication bypass patch analysis POC
2025-09-01 | ZyxelAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio...