| id: GO-2022-0305 |
| modules: |
| - module: github.com/grafana/agent |
| versions: |
| - introduced: 0.14.0 |
| - fixed: 0.21.2 |
| vulnerable_at: 0.21.1 |
| summary: Instance config inline secret exposure in Grafana in github.com/grafana/agent |
| cves: |
| - CVE-2021-41090 |
| ghsas: |
| - GHSA-9c4x-5hgq-q3wh |
| references: |
| - advisory: https://github.com/grafana/agent/security/advisories/GHSA-9c4x-5hgq-q3wh |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-41090 |
| - fix: https://github.com/grafana/agent/commit/a5479755e946e5c7cddb793ee9adda8f5692ba11 |
| - fix: https://github.com/grafana/agent/commit/af7fb01e31fe2d389e5f1c36b399ddc46b412b21 |
| - fix: https://github.com/grafana/agent/pull/1152 |
| - web: https://github.com/grafana/agent/releases/tag/v0.20.1 |
| - web: https://github.com/grafana/agent/releases/tag/v0.21.2 |
| - web: https://security.netapp.com/advisory/ntap-20211229-0004 |
| source: |
| id: GHSA-9c4x-5hgq-q3wh |
| created: 2024-08-20T12:56:55.576848-04:00 |
| review_status: UNREVIEWED |
| unexcluded: EFFECTIVELY_PRIVATE |
