CVE-2022-31123— Grafana plugin signature bypass vulnerability

CVSS 6.1 · Medium EPSS 0.01% · P1 Updated Jan 28, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31123

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Grafana plugin signature bypass vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

密码学签名的验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Grafana 数据伪造问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Grafana是Grafana Labs开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在数据伪造问题漏洞。攻击者利用该漏洞在Grafana上使用恶意数据，以欺骗受害者。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
grafana	grafana	< 8.5.14	-

II. Public POCs for CVE-2022-31123

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-31123

请登录查看更多情报信息。

Same Patch Batch · grafana · 2022-10-13 · 4 CVEs total

CVE-2022-39201	6.8 MEDIUM	Data source and plugin proxy endpoints could leak the authentication cookie to some destin
CVE-2022-31130	4.9 MEDIUM	Grafana data source and plugin proxy endpoints leaking authentication tokens to some desti
CVE-2022-39229	4.3 MEDIUM	Grafana users with email as a username can block other users from signing in

IV. Related Vulnerabilities

Same product: grafana

Same vendor: grafana

Same weakness: CWE-347

V. Comments for CVE-2022-31123

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-31123— Grafana plugin signature bypass vulnerability

I. Basic Information for CVE-2022-31123

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-31123

III. Intelligence Information for CVE-2022-31123

Same Patch Batch · grafana · 2022-10-13 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-31123

Leave a comment