7.5
CVE-2026-27877
- EPSS 0.31%
- Veröffentlicht 27.03.2026 14:02:11
- Zuletzt bearbeitet 30.06.2026 03:17:59
- Quelle security@grafana.com
- CVE-Watchlists
- Unerledigt
Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.225 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@grafana.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://grafana.com/security/security-advisories/cve-2026-27877
https://access.redhat.com/errata/RHSA-2026:10223
https://access.redhat.com/errata/RHSA-2026:10226
https://access.redhat.com/errata/RHSA-2026:11416
https://access.redhat.com/errata/RHSA-2026:11417
https://access.redhat.com/errata/RHSA-2026:19134
https://access.redhat.com/errata/RHSA-2026:19352
https://access.redhat.com/security/cve/CVE-2026-27877
https://bugzilla.redhat.com/show_bug.cgi?id=2452293
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27877.json