Описание
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
6 Medium
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana AP ...
Grafana's users with permissions to create a data source can CRUD all data sources
Уязвимость реализации прикладного программного интерфейса веб-инструмента представления данных Grafana, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям
EPSS
6 Medium
CVSS3
8.8 High
CVSS3