Количество 9
Количество 9
GHSA-xfc5-hp99-89qr
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...
openSUSE-SU-2021:2675-1
Security update for SUSE Manager Client Tools
openSUSE-SU-2021:2662-1
Security update for grafana
openSUSE-SU-2021:1162-1
Security update for SUSE Manager Client Tools
openSUSE-SU-2021:1148-1
Security update for grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-xfc5-hp99-89qr The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | 0% Низкий | больше 3 лет назад | |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.8 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ... | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:2675-1 Security update for SUSE Manager Client Tools | около 4 лет назад | ||
| openSUSE-SU-2021:2662-1 Security update for grafana | около 4 лет назад | ||
| openSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools | около 4 лет назад | ||
| openSUSE-SU-2021:1148-1 Security update for grafana | около 4 лет назад |
Уязвимостей на страницу