CVE-2021-28146

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
Configurations

Configuration 1 (hide)

cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

History

26 Mar 2021, 17:17

Type Values Removed Values Added
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-863
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/ - Release Notes, Vendor Advisory
References (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - (CONFIRM) https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - (MISC) https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/ - Release Notes, Vendor Advisory
References (MISC) https://grafana.com/products/enterprise/ - (MISC) https://grafana.com/products/enterprise/ - Product, Vendor Advisory
References (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - (CONFIRM) https://www.openwall.com/lists/oss-security/2021/03/19/5 - Mailing List, Third Party Advisory
References (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - (MISC) https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724 - Vendor Advisory
References (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - (MISC) https://community.grafana.com/t/release-notes-v6-7-x/27119 - Release Notes, Vendor Advisory

22 Mar 2021, 16:11

Type Values Removed Values Added
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CWE CWE-863
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CVSS v2 : 4.0
v3 : 6.5
v2 : unknown
v3 : unknown
CPE cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*

22 Mar 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-03-22 14:15

Updated : 2021-03-26 17:17


NVD link : CVE-2021-28146

Mitre link : CVE-2021-28146


JSON object : View

Products Affected

grafana

  • grafana
CWE
CWE-863

Incorrect Authorization