Grafana Cleartext Storage of Sensitive Information Vulnerability - CVE-2022-26148 - Vulnerability Database

Grafana Cleartext Storage of Sensitive Information Vulnerability - CVE-2022-26148

Critical
Reference: CVE-2022-26148
Title: Grafana Cleartext Storage of Sensitive Information Vulnerability
Overview:

An issue was discovered in Grafana through 7.3.4 when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.