CGA-85wh-38wf-qwmf

Published

Last updated

https://images.chainguard.dev/security/CGA-85wh-38wf-qwmf

Package

grafana

Latest Update

Fixed

Fixed Version

10.4.0-r0

Aliases

CVE-2024-1442
GHSA-5mxf-42f5-j782

Severity

6.0

Medium

CVSS V3

Summary

Grafana's users with permissions to create a data source can CRUD all data sources

Description

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1442
https://github.com/advisories/GHSA-5mxf-42f5-j782
https://github.com/grafana/grafana
https://grafana.com/security/security-advisories/cve-2024-1442
https://security.netapp.com/advisory/ntap-20241122-0007

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-85wh-38wf-qwmf

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources