VDB

BIT-GRAFANA-2024-1442

BIT-GRAFANA-2024-1442 PUBLISHED CVSS 6 MEDIUM

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

Risk Scores

CVSS 3.1
6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Affected Products

VendorProductVersions
GrafanaGrafana8.5.0, 10.0.0, 10.1.0

Timeline

  • Mar 7, 2024 CVE Published
  • Mar 7, 2024 PoC Published
  • Mar 7, 2024 PoC Published
  • Mar 7, 2024 PoC Published
  • Aug 4, 2024 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›