Описание
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps-legacy/xenial | needs-triage | |
| esm-apps/xenial | ignored | end of ESM support, was needs-triage |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
EPSS
6 Medium
CVSS3
Связанные уязвимости
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
A user with the permissions to create a data source can use Grafana AP ...
Grafana's users with permissions to create a data source can CRUD all data sources
Уязвимость реализации прикладного программного интерфейса веб-инструмента представления данных Grafana, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям
EPSS
6 Medium
CVSS3