CVE-2022-23498
When query caching is enabled in Grafana users can query another users session
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
A flaw was found in the Grafana package. When data-source query caching is enabled, Grafana caches all headers, including `grafana_session.` As a result, any user that queries a data source where the caching is enabled can acquire another user’s session.
Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2022-01-19 CVE Reserved
- 2023-02-03 CVE Published
- 2025-03-05 CVE Updated
- 2025-03-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8 | 2025-03-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-23498 | 2024-02-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2167266 | 2024-02-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | >= 8.3.1 < 9.2.10 Search vendor "Grafana" for product "Grafana" and version " >= 8.3.1 < 9.2.10" | - |
Affected
| ||||||
| Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | >= 9.3.0 < 9.3.4 Search vendor "Grafana" for product "Grafana" and version " >= 9.3.0 < 9.3.4" | - |
Affected
| ||||||
| Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | 8.3.0 Search vendor "Grafana" for product "Grafana" and version "8.3.0" | beta1 |
Affected
| ||||||
| Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | 8.3.0 Search vendor "Grafana" for product "Grafana" and version "8.3.0" | beta2 |
Affected
| ||||||