CVE-2024-8986

Grafana-plugin-sdk-go < 0.250.0 - Insufficiently Protected Credentials

Title source: rule

Description

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.

References (1)

[Various Sources] https://grafana.com/security/security-advisories/cve-2024-8986/

Scores

EPSS 0.0009

EPSS Percentile 25.2%

Classification

CWE

CWE-522

Status draft

Affected Products (1)

grafana/grafana-plugin-sdk-go < 0.250.0Go

Timeline

Published Sep 19, 2024

Tracked Since Feb 18, 2026