CVE-2022-26148

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-312
View all →

Vulnerability Description

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.

Related Vulnerabilities

CVE-2001-1481

CRITICAL
CVSS:9.8(Critical)

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

CWE-3122001

CVE-2008-0174

CRITICAL
CVSS:9.8(Critical)

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal t...

CWE-3122008

CVE-2014-5433

CRITICAL
CVSS:9.8(Critical)

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700B...

CWE-3122014

CVE-2018-18394

CRITICAL
CVSS:9.8(Critical)

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CWE-3122018

CVE-2018-18641

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

CWE-3122018

CVE-2019-0285

CRITICAL
CVSS:9.8(Critical)

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

CWE-3122019