What is CVE-2023-1387?

CVE-2023-1387 is a medium-severity vulnerability in Grafana, classified under Information Disclosure. CVSS score: 4.2/10. Published 2023-04-26.

How severe is CVE-2023-1387?

Medium severity. CVSS v3 base score is 4.2 out of 10.

Information disclosure in Grafana

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enab…

Vulnerability class: Information Disclosure

EPSS: 0.003 (52.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N.

Affected products

Grafana — versions 9.1.0, 9.3.0, 9.4.0
Grafana Enterprise — versions 9.1.0, 9.3.0, 9.4.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

grafana.com/security/security-advisories/cve-2023-1387/
github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j
security.netapp.com/advisory/ntap-20230609-0003/

Frequently asked questions

What is CVE-2023-1387?: CVE-2023-1387 is a medium-severity vulnerability in Grafana, classified under Information Disclosure. CVSS score: 4.2/10. Published 2023-04-26.
How severe is CVE-2023-1387?: Medium severity. CVSS v3 base score is 4.2 out of 10.