CVE-2021-27962

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

History

29 Mar 2021, 13:59

Type Values Removed Values Added
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (CONFIRM) http://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) http://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com - (MISC) https://community.grafana.com - Vendor Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Release Notes, Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CWE CWE-732
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.9
v3 : 7.1

22 Mar 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-03-22 14:15

Updated : 2021-03-29 13:59


NVD link : CVE-2021-27962

Mitre link : CVE-2021-27962


JSON object : View

Products Affected

grafana

  • grafana
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource