| |
Vulnerability CVE-2024-8986
Published: 2024-09-19
| Description: |
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`.
If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. |
References: |
https://grafana.com/security/security-advisories/cve-2024-8986/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
