VDB
BIT-GRAFANA-2024-1442
BIT-GRAFANA-2024-1442
PUBLISHED
CVSS 6 MEDIUM
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
Risk Scores
CVSS 3.1
6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grafana | Grafana | 8.5.0, 10.0.0, 10.1.0 |
Exploit Intelligence
- https://security.netapp.com/advisory/ntap-20241122-0007/ (circl)
- https://grafana.com/security/security-advisories/cve-2024-1442/ (circl)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
Timeline
- Mar 7, 2024 CVE Published
- Mar 7, 2024 PoC Published
- Mar 7, 2024 PoC Published
- Mar 7, 2024 PoC Published
- Aug 4, 2024 PoC Published