VDB
CVE-2024-1442
CVE-2024-1442
PUBLISHED
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
EPSS 0.21% · 43.4th percentile
Risk Scores
EPSS Score
0.21%
43.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | grafana | 10.3.0, 8.5.0, 10.0.0 |
| Bitnami | grafana | 8.5.0, 10.1.0, 10.2.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- CIRCL seen: CVE-2024-1442 (circl-sighting)
- https://security.netapp.com/advisory/ntap-20241122-0007/ (circl)
- https://grafana.com/security/security-advisories/cve-2024-1442/ (circl)
Timeline
- Mar 7, 2024 CVE Published
- Mar 7, 2024 PoC Published
- Mar 7, 2024 PoC Published
- Mar 7, 2024 PoC Published
- Mar 8, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- May 25, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 4, 2024 PoC Published
- Aug 16, 2024 EPSS Score