CVE-2021-27962

High

7.1/10

Summary

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Mar 22, 2021

CVE-2021-27962

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS