CVE-2024-1442
published 2024-03-07


Priority P353, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.80% (52.0th percentile)
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | grafana_grafana | >= 10.0.0 < 10.0.12 | 10.0.12 |
| github.com | grafana_grafana | >= 10.1.0 < 10.1.8 | 10.1.8 |
| github.com | grafana_grafana | >= 10.2.0 < 10.2.5 | 10.2.5 |
| github.com | grafana_grafana | >= 10.3.0 < 10.3.4 | 10.3.4 |
| github.com | grafana_grafana | >= 8.5.0 < 9.5.7 | 9.5.7 |
| grafana | grafana | >= 10.0.0 < 10.0.12 | 10.0.12 |
| grafana | grafana | >= 10.1.0 < 10.1.8 | 10.1.8 |
| grafana | grafana | >= 10.2.0 < 10.2.5 | 10.2.5 |
| grafana | grafana | >= 10.3.0 < 10.3.4 | 10.3.4 |
| grafana | grafana | >= 8.5.0 < 9.5.7 | 9.5.7 |
| linux | linux_kernel | >= 0 < 6.1.119-1 | 6.1.119-1 |
| linux | linux_kernel | >= 0 < 6.11.7-1 | 6.11.7-1 |

CVSS provenance

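| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_oracle | | 6.0 | MEDIUM | |
| vendor_redhat | | 6.0 | MEDIUM | |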