CVE-2024-1442 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-1442 PUBLISHED

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

EPSS 0.21% · 43.2th percentile

Risk Scores

EPSS Score

0.21%

43.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	8.5.0, 10.0.0, 10.1.0
Bitnami	grafana	8.5.0, 10.1.0, 10.2.0

Timeline

Mar 7, 2024 CVE Published
Mar 8, 2024 EPSS Score
Apr 3, 2024 EPSS Score
Apr 28, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 18, 2024 EPSS Score
Jul 14, 2024 EPSS Score
Aug 13, 2024 EPSS Score
Sep 7, 2024 EPSS Score
Oct 3, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 28, 2024 EPSS Score

References

Open in Interactive Console →