Hi All,
I have found a vulnerability that you view the frontend code (HTML Code) it’s exposing the data source credentials (in my use case I am using 5 Zabbix sources) in clear text.
Steps to reproduce -
Right-click on the front end page > View page source
Opening this new topic as I couldn’t find a similar thread in the forum.
Thank you.
I guess, you are using Zabbix datasource with direct access mode = browser (Grafana frontend) makes connection to the Zabbix => browser must know Zabbix credentials.
Try to switch to proxy mode = Grafana binary will make connection to the Zabbix.
IMHO not a bug, but it’s a feature.
But also none of those application use direct access mode. All of them use an approach, which is alrwady implemented in Grafana as a proxy mode.
My question: are you using access mode? Do you see the same problem in the proxy mode?