Hi All,
Grafana 6.7.4 is tested for vulnerability and our team has come up with a high-risk item of session hijacking.
VA Team logins to Grafana and take the grafana_session value from cookie and able to login from another system with the same session value.
Do Grafana provide any solution for restricting the session to one system/browser? Or new session shouldn’t be created with the hijacked session value
Thanks,
Goushik Murugesan