CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6322
https://notcve.org/view.php?id=CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource. • https://grafana.com/security/security-advisories/cve-2024-6322 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1313 – Users outside an organization can delete a snapshot with its key
https://notcve.org/view.php?id=CVE-2024-1313
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. Es posible que un usuario de una organización diferente al propietario de una instantánea omita la autorización y elimine una instantánea emitiendo una solicitud DELETE a /api/snapshots/ usando su clave de vista. Esta funcionalidad está destinada a estar disponible solo para personas con permiso para escribir/editar la instantánea en cuestión, pero debido a un error en la lógica de autorización, las solicitudes de eliminación emitidas por un usuario sin privilegios en una organización diferente a la del propietario de la instantánea se tratan. según lo autorizado. Grafana Labs desea agradecer a Ravid Mazon y Jay Chen de Palo Alto Research por descubrir y revelar esta vulnerabilidad. • https://grafana.com/security/security-advisories/cve-2024-1313 https://security.netapp.com/advisory/ntap-20240524-0008 https://access.redhat.com/security/cve/CVE-2024-1313 https://bugzilla.redhat.com/show_bug.cgi?id=2271903 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1442 – User with permissions to create a data source can CRUD all data sources
https://notcve.org/view.php?id=CVE-2024-1442
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. Un usuario con permisos para crear una fuente de datos puede usar Grafana API para crear una fuente de datos con UID configurado en *. Hacer esto le otorgará al usuario acceso para leer, consultar, editar y eliminar todas las fuentes de datos dentro de la organización. A flaw was found in Grafana, where setting the Grafana API Data Source UID to '*' Grants Unrestricted Access, grants a user the ability to set the UID to '*' via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources within the organization. • https://grafana.com/security/security-advisories/cve-2024-1442 https://access.redhat.com/security/cve/CVE-2024-1442 https://bugzilla.redhat.com/show_bug.cgi?id=2268486 • CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5122 – SSRF in CSV Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator Grafana es una plataforma de código abierto para monitoreo y observabilidad. • https://grafana.com/security/security-advisories/cve-2023-5122 https://security.netapp.com/advisory/ntap-20240503-0002 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5123 – Improper Path Sanitization in JSON Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5123
The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) . In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability. El complemento de fuente de datos JSON (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) es un complemento mantenido por Grafana Labs para Grafana que permite recuperar y procesar datos JSON desde un endpoint remoto (incluida una subruta específica) configurado por un administrador. • https://grafana.com/security/security-advisories/cve-2023-5123 https://security.netapp.com/advisory/ntap-20240503-0007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •