CVE-2021-27962

Опубликовано: 22 мар. 2021

Источник: nvd

CVSS3: 7.1

CVSS2: 4.9

EPSS Низкий

Описание

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

Ссылки

http://www.openwall.com/lists/oss-security/2021/03/19/5
Mailing List
Third Party Advisory
https://community.grafana.com
Vendor Advisory
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
Release Notes
Vendor Advisory
https://community.grafana.com/t/release-notes-v6-7-x/27119
Release Notes
Vendor Advisory
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
Release Notes
Vendor Advisory
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/03/19/5
Mailing List
Third Party Advisory
https://community.grafana.com
Vendor Advisory
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
Release Notes
Vendor Advisory
https://community.grafana.com/t/release-notes-v6-7-x/27119
Release Notes
Vendor Advisory
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
Release Notes
Vendor Advisory
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

Версия от 7.2.0 (включая) до 7.3.10 (исключая)

cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

Версия от 7.4.0 (включая) до 7.4.5 (исключая)

EPSS

Процентиль: 51%

0.00278

Низкий

7.1 High

CVSS3

4.9 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-27962

CVSS3: 7.1

ubuntu

около 4 лет назад

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

CVE-2021-27962

CVSS3: 6.8

redhat

больше 4 лет назад

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

CVE-2021-27962

CVSS3: 7.1

debian

около 4 лет назад

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...

GHSA-6858-383c-7xhr

CVSS3: 7.1

github

около 3 лет назад

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

openSUSE-SU-2021:2675-1

suse-cvrf

почти 4 года назад

Security update for SUSE Manager Client Tools

EPSS

Процентиль: 51%

0.00278

Низкий

7.1 High

CVSS3

4.9 Medium

CVSS2

Дефекты

NVD-CWE-noinfo