Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/03/19/5 | Mailing List Third Party Advisory |
https://community.grafana.com | Vendor Advisory |
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 | Release Notes Vendor Advisory |
https://community.grafana.com/t/release-notes-v6-7-x/27119 | Release Notes Vendor Advisory |
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ | Release Notes Vendor Advisory |
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
29 Mar 2021, 13:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory | |
References | (CONFIRM) http://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory | |
References | (MISC) https://community.grafana.com - Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Release Notes, Vendor Advisory | |
References | (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory | |
CWE | CWE-732 | |
CPE | cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 7.1 |
22 Mar 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-22 14:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27962
Mitre link : CVE-2021-27962
CVE.ORG link : CVE-2021-27962
JSON object : View
Products Affected
grafana
- grafana
CWE