FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Incorrect Access Control

Affected packages
8.0.0 <= grafana < 8.2.4
8.0.0 <= grafana8 < 8.2.4

Details

VuXML ID 99bff2bd-4852-11ec-a828-6c3be5272acd
Discovery 2021-11-02
Entry 2021-12-11

Grafana Labs reports:

When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.

[source]

References

CVE Name CVE-2021-41244
URL https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.