Уязвимость прикладного программного интерфейса платформы для мониторинга и наблюдения Grafana, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации

Уязвимость grafana

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

The dashboard permissions API does not verify the target dashboard sco ...

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

Security update for grafana

Important: grafana security update

Important: grafana security update

ELSA-2026-2920: grafana security update (IMPORTANT)

ELSA-2026-2914: grafana security update (IMPORTANT)

Security update 5.0.7 for Multi-Linux Manager Client Tools

Security update for grafana