Grafana Image Renderer
Approved changes feed: RSS · Atom
cpe:2.3:a:grafana:grafana-image-renderer:*:*:*:*:*:grafana:*:*
part: a version: * update: *
| Vendor | Grafana (7564912d-bb81-50cf-9eb9-f573ac2fa519) |
|---|---|
| Product | Grafana Image Renderer (84532895-7668-51da-9829-c2ab5807d542) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | grafana |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-31176 |
vulnerable | 2026-06-03 14:47:10.759019 |
Grafana Image Renderer leaking files
HIGH (8.3)
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).
Published: 2022-09-02T00:00:00.000Z
Updated: 2025-04-23T17:32:35.024Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.