Количество 9
Количество 9
GHSA-xfc5-hp99-89qr
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...
openSUSE-SU-2021:2675-1
Security update for SUSE Manager Client Tools
openSUSE-SU-2021:2662-1
Security update for grafana
openSUSE-SU-2021:1162-1
Security update for SUSE Manager Client Tools
openSUSE-SU-2021:1148-1
Security update for grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-xfc5-hp99-89qr The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | 0% Низкий | около 3 лет назад | |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.8 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
| CVE-2021-28146 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ... | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
 | openSUSE-SU-2021:2675-1 Security update for SUSE Manager Client Tools | почти 4 года назад | ||
| openSUSE-SU-2021:2662-1 Security update for grafana | почти 4 года назад | ||
| openSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools | почти 4 года назад | ||
| openSUSE-SU-2021:1148-1 Security update for grafana | почти 4 года назад |
Уязвимостей на страницу