CVE-2021-27962
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 22 Mar 2021, 13:55
Last modified: 03 Aug 2024, 21:33
Vulnerability Summary
Overall Risk (default): medium, 28/100
CVSS Score: 7.1 HIGH, v3.1 (nvd)
EPSS Score: 0.37% LOW
0% probability +0.09%
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 22 Mar 2021, 13:55: Published (vulnerability first disclosed)
- 03 Aug 2024, 21:33: Last Modified (vulnerability information updated)
Description
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
CVSS Metrics
- v3.1 • HIGH • Score: 7.1 • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- v2.0 • MEDIUM • Score: 4.9 • AV:N/AC:M/Au:S/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.37% • Percentile: 59%
Affected Systems
- grafana • grafana: ≥ 7.2.0, < 7.3.10 | ≥ 7.4.0, < 7.4.5
References (6)
- https://community.grafana.com/t/release-notes-v6-7-x/27119
- https://community.grafana.com
- http://www.openwall.com/lists/oss-security/2021/03/19/5
- https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
- https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/