CVE-2024-8986 Information
Description
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built as retrieved by running git remote get-url origin.
If credentials are included in the repository URI (for instance to allow for fetching of private dependencies) the final binary will contain the full URI including said credentials.
Reference
https://grafana.com/security/security-advisories/cve-2024-8986/
The
grafana
plugin
SDK
bundles
build
metadata
into
the
binaries
it
compiles;
this
metadata
includes
the
repository
URI
for
the
plugin
being
built
as
retrieved
by
running
git remote get-url origin.
If credentials are included in the repository URI (for instance to allow for fetching of private dependencies) the final binary will contain the full URI including said credentials.
Share on: