Количество 15
Количество 15
BDU:2024-04116
Уязвимость веб-инструмента представления данных Grafana, связанная с обходом авторизации, позволяющая нарушителю обойти процесс авторизации и удалить моментальный снимок
ROS-20240521-08
Множественные уязвимости grafana
CVE-2024-1313
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.
CVE-2024-1313
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.
CVE-2024-1313
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.
CVE-2024-1313
It is possible for a user in a different organization from the owner o ...
GHSA-67rv-qpw2-6qrr
Grafana: Users outside an organization can delete a snapshot with its key
SUSE-SU-2024:1530-2
Security update for grafana and mybatis
SUSE-SU-2024:1530-1
Security update for grafana and mybatis
SUSE-SU-2024:1508-1
Security update for SUSE Manager Client Tools
RLSA-2024:3265
Important: grafana security update
RLSA-2024:2568
Moderate: grafana security update
ELSA-2024-3265
ELSA-2024-3265: grafana security update (IMPORTANT)
ELSA-2024-2568
ELSA-2024-2568: grafana security update (MODERATE)
SUSE-SU-2024:1509-1
Security update for SUSE Manager Client Tools
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-04116 Уязвимость веб-инструмента представления данных Grafana, связанная с обходом авторизации, позволяющая нарушителю обойти процесс авторизации и удалить моментальный снимок | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
 | ROS-20240521-08 Множественные уязвимости grafana | CVSS3: 6.5 | около 2 лет назад | |
 | CVE-2024-1313 It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
 | CVE-2024-1313 It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
 | CVE-2024-1313 It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2024-1313 It is possible for a user in a different organization from the owner o ... | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| GHSA-67rv-qpw2-6qrr Grafana: Users outside an organization can delete a snapshot with its key | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
 | SUSE-SU-2024:1530-2 Security update for grafana and mybatis | около 2 лет назад | ||
| SUSE-SU-2024:1530-1 Security update for grafana and mybatis | около 2 лет назад | ||
| SUSE-SU-2024:1508-1 Security update for SUSE Manager Client Tools | около 2 лет назад | ||
 | RLSA-2024:3265 Important: grafana security update | около 2 лет назад | ||
| RLSA-2024:2568 Moderate: grafana security update | около 2 лет назад | ||
| ELSA-2024-3265 ELSA-2024-3265: grafana security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2024-2568 ELSA-2024-2568: grafana security update (MODERATE) | около 2 лет назад | ||
| SUSE-SU-2024:1509-1 Security update for SUSE Manager Client Tools | около 2 лет назад |
Уязвимостей на страницу