PT-2022-21200 · Grafana · Grafana

Thefrenchghosty · Published 2022-06-08 · Updated 2026-05-26 · CVE-2022-32276

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Grafana version 8.4.3

Description

The issue allows unauthenticated access via a "/dashboard/snapshot/*?orgId=0" URI. The vendor considers this a UI bug, not a vulnerability.

Recommendations

For Grafana version 8.4.3, consider restricting access to the "/dashboard/snapshot/*" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the orgId parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
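
To support the recommendation above, the following added example (not part of the original advisory or of Grafana) reviews web access logs for requests to the snapshot endpoint that carry orgId=0. It assumes combined-format logs from a reverse proxy in front of Grafana, possibly serving Grafana under a sub-path; the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jun/2022:10:01:02 +0000] "GET /dashboard/snapshot/abc123?orgId=0 HTTP/1.1" 200 5120 "-" "curl/7.81.0"
198.51.100.4 - - [08/Jun/2022:10:01:09 +0000] "GET /dashboard/snapshot/abc123?orgId=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Jun/2022:10:02:11 +0000] "GET /dashboard/snapshot/%2A?kiosk&orgId=0 HTTP/1.1" 302 29 "-" "curl/7.81.0"
198.51.100.9 - - [08/Jun/2022:10:03:00 +0000] "GET /d/xyz/home?orgId=0 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.15 - - [08/Jun/2022:10:04:40 +0000] "GET /grafana/dashboard/snapshot/k9?orgId=0 HTTP/1.1" 200 5120 "-" "python-requests/2.28"
"""

# Client IP, timestamp, request line and status of a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# /dashboard/snapshot/<key>, optionally behind a sub-path prefix (assumption).
SNAPSHOT_RE = re.compile(r'(^|/)dashboard/snapshot/[^/]+$')


def find_snapshot_orgid0(log_text):
    """Return entries that request a snapshot path with orgId=0."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        path = unquote(url.path)  # normalise percent-encoded path segments
        params = parse_qs(url.query, keep_blank_values=True)
        if SNAPSHOT_RE.search(path) and "0" in params.get("orgId", []):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "path": path, "status": int(m["status"])})
    return hits


def by_source(hits):
    """Count matching requests per client IP to prioritise review."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for hit in find_snapshot_orgid0(SAMPLE_LOG):
        print(hit)
```

A match shows only that the request pattern from the description was seen; whether the request was authenticated has to be checked against Grafana's own logs.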

Exploit

Weakness Enumeration

Improper Authentication

Related Identifiers

BIT-GRAFANA-2022-32276
CVE-2022-32276

Affected Products

Grafana