PT-2021-17695 · Grafana+2 · Grafana Enterprise+3

Published

2021-03-22

Updated

2024-06-15

CVE-2021-27962

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise versions 7.2.x through 7.3.x before 7.3.10 Grafana Enterprise versions 7.4.x before 7.4.5

Description: The issue allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

Recommendations: For Grafana Enterprise versions 7.2.x through 7.3.x before 7.3.10, update to version 7.3.10 or later. For Grafana Enterprise versions 7.4.x before 7.4.5, update to version 7.4.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-1708

BIT-GRAFANA-2021-27962

CVE-2021-27962

OPENSUSE-SU-2021:1148-1

OPENSUSE-SU-2021:1162-1

OPENSUSE-SU-2021:2662-1

OPENSUSE-SU-2021:2675-1

OPENSUSE-SU-2021_1148-1

OPENSUSE-SU-2021_1162-1

OPENSUSE-SU-2021_2662-1

OPENSUSE-SU-2021_2675-1

OPENSUSE-SU-2024:10818-1

SUSE-SU-2021:2660-1

SUSE-SU-2021:2673-1

SUSE-SU-2021:2675-1

SUSE-SU-2021:3907-1

SUSE-SU-2021:3908-1

Affected Products

Alt Linux

Grafana

Grafana Enterprise

Suse

PT-2021-17695 · Grafana+2 · Grafana Enterprise+3

CVE-2021-27962

Related Identifiers

Affected Products

References · 47