CVE-2024-1442

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-1442

Severity

8.8

High

CVSS CVSS_V3

Description

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

References

https://images.chainguard.dev/security/CGA-85wh-38wf-qwmf
https://github.com/advisories/GHSA-5mxf-42f5-j782
https://images.chainguard.dev/security/CGA-jvwm-r7w5-ghcf
https://images.chainguard.dev/security/CGA-94j3-xx6j-8rfc
https://images.chainguard.dev/security/CGA-2h6v-p72f-wmg4
https://grafana.com/security/security-advisories/cve-2024-1442/
https://security.netapp.com/advisory/ntap-20241122-0007/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal