CVE-2023-4457: Generation of Error Message Containing Sensitive Information

October 16, 2023 (updated October 29, 2023)

Grafana is an open-source platform for monitoring and observability.

The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 is vulnerable to an information disclosure vulnerability.

The plugin does not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.

This vulnerability was fixed in version 1.2.2.

References

github.com/advisories/GHSA-37x5-qpm8-53rq
grafana.com/security/security-advisories/cve-2023-4457/
nvd.nist.gov/vuln/detail/CVE-2023-4457

Detect and mitigate CVE-2023-4457 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →