CVE-2024-1442

Published: Mar 7, 2024Modified: Mar 11, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.

Affected (5)

Products: Grafana: Grafana

Grafana

1 product

Grafana

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Grafana Grafana	From 10.0.0 to 10.0.12
Grafana Grafana	From 10.1.0 to 10.1.8
Grafana Grafana	From 10.2.0 to 10.2.5
Grafana Grafana	From 10.3.0 to 10.3.4
Grafana Grafana	From 8.5.0 to 9.5.7

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (3)

https://grafana.com/security/security-advisories/cve-2024-1442/

Source: security@grafana.com

Vendor Advisory

https://grafana.com/security/security-advisories/cve-2024-1442/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.netapp.com/advisory/ntap-20241122-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.