{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T11:23:51.666","vulnerabilities":[{"cve":{"id":"CVE-2023-4457","sourceIdentifier":"security@grafana.com","published":"2023-10-16T10:15:12.057","lastModified":"2024-11-21T08:35:12.207","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grafana is an open-source platform for monitoring and observability.\n\nThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\n\nThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\n\nThis vulnerability was fixed in version 1.2.2.\n\n"},{"lang":"es","value":"Grafana es una plataforma de código abierto para monitorización y observabilidad. El complemento de fuente de datos de Google Sheets para Grafana, versiones 0.9.0 a 1.2.2, son afectados por a una vulnerabilidad de divulgación de información. El complemento no sanitizo adecuadamente los mensajes de error, lo que potencialmente expuso la clave API de Google Sheet que está configurada para la fuente de datos. Esta vulnerabilidad se solucionó en la versión 1.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:*","versionStartIncluding":"0.9.0","versionEndIncluding":"1.2.2","matchCriteriaId":"DBCDCF04-9E82-4FF7-BB1B-65011FBC43FC"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2023-4457/","source":"security@grafana.com","tags":["Vendor Advisory"]},{"url":"https://grafana.com/security/security-advisories/cve-2023-4457/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}