VDB

CVE-2024-1442

CVE-2024-1442 PUBLISHED

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

EPSS 0.21% · 43.4th percentile

Risk Scores

EPSS Score
0.21%
43.4th percentile

Affected Products

VendorProductVersions
Bitnamigrafana10.3.0, 8.5.0, 10.0.0
Bitnamigrafana8.5.0, 10.1.0, 10.2.0

Timeline

  • Mar 7, 2024 CVE Published
  • Mar 7, 2024 PoC Published
  • Mar 7, 2024 PoC Published
  • Mar 7, 2024 PoC Published
  • Mar 8, 2024 EPSS Score
  • Apr 3, 2024 EPSS Score
  • Apr 29, 2024 EPSS Score
  • May 25, 2024 EPSS Score
  • Jun 21, 2024 EPSS Score
  • Jul 17, 2024 EPSS Score
  • Aug 4, 2024 PoC Published
  • Aug 16, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›