Endpoint Vulnerability

Grafana grafana_session Information Disclosure Vulnerability

Description

Grafana caches all headers, including grafana_session, when datasource query caching is enabled, allowing users to hijack other users' sessions; disable caching to mitigate; patched in 9.2.10 and 9.3.4.

Affected Applications

GrafanaOSS

Version Updates

Date	Version	Status	Detail
2023-02-15	1.00400	New	GrafanaOSS

References

https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8

ID	4781
Created	Feb 15, 2023
Description Updated	Jan 16, 2026
CVE ID
Risk
Coverage	FortiClient
OS	Windows
Vendor	Grafana Labs
Patch	manual
Application	GrafanaOSS

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Grafana grafana_session Information Disclosure Vulnerability

Description

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Grafana grafana_session Information Disclosure Vulnerability

Description

Affected Applications

Version Updates

References

Threat Intelligence
Center