Grafana Direct Data Source Password Exposure Vulnerability

Vulnerability

A vulnerability exists in Grafana that exposes passwords of direct data sources when public dashboards are used, even if those data sources are not actively utilized in the dashboards. This issue does not affect proxied data sources. Users are advised to convert direct data sources to proxied ones whenever possible to enhance security.

Impact

Exposing passwords of direct data sources can lead to unauthorized access to sensitive data or systems, depending on the nature of the data source.

Added: Mar 27, 2026, 4:00 PM

Updated: Mar 27, 2026, 4:00 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

8.3

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

8.3

relevance

4.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Grafana Direct Data Source Password Exposure Vulnerability

Vulnerability

Impact

Affected Products

Grafana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating