CVE-2021-27962
Summary
| CVE | CVE-2021-27962 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-22 14:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release notes for Grafana 7.4.5 | Grafana Labs | MISC | grafana.com | |
| oss-security - Grafana 7.4.5, 7.3.10 and 6.7.6 released with security fixes for Grafana Enterprose | CONFIRM | www.openwall.com | |
| Grafana 6.7.6, 7.3.10, and 7.4.5 released with important security fixes for Grafana Enterprise | Grafana Labs | CONFIRM | grafana.com | |
| Release Notes v6.7.x - Releases - Grafana Community | MISC | community.grafana.com | |
| Grafana Enterprise 6.7.6, 7.3.10 and 7.4.5 Security Update - Security Announcements - Grafana Labs Community Forums | MISC | community.grafana.com | |
| Grafana Community | MISC | community.grafana.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 501864 Alpine Linux Security Update for grafana
- 730073 Grafana Enterprise Multiple Security Vulnerabilities
- 750959 OpenSUSE Security Update for SUSE Manager Client Tools (openSUSE-SU-2021:2675-1)
- 750960 OpenSUSE Security Update for grafana (openSUSE-SU-2021:2662-1)
- 750964 OpenSUSE Security Update for grafana (openSUSE-SU-2021:1148-1)
- 750980 OpenSUSE Security Update for SUSE Manager Client Tools (openSUSE-SU-2021:1162-1)