Описание
Grafana's users with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
Пакеты
github.com/grafana/grafana
>= 8.5.0, < 9.5.7
9.5.7
github.com/grafana/grafana
>= 10.0.0, < 10.0.12
10.0.12
github.com/grafana/grafana
>= 10.1.0, < 10.1.8
10.1.8
github.com/grafana/grafana
>= 10.2.0, < 10.2.5
10.2.5
github.com/grafana/grafana
>= 10.3.0, < 10.3.4
10.3.4
Связанные уязвимости
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana AP ...
Уязвимость реализации прикладного программного интерфейса веб-инструмента представления данных Grafana, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям