CVE-2021-27962

EUVD-2021-14680
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
grafanagrafana
7.2.0 ≤
𝑥
< 7.3.10
grafanagrafana
7.4.0 ≤
𝑥
< 7.4.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grafana
bionic
dne
focal
dne
groovy
dne
trusty
dne
xenial
not-affected
References
http://www.openwall.com/lists/oss-security/2021/03/19/5
https://community.grafana.com
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
https://community.grafana.com/t/release-notes-v6-7-x/27119
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/
http://www.openwall.com/lists/oss-security/2021/03/19/5
https://community.grafana.com
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
https://community.grafana.com/t/release-notes-v6-7-x/27119
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/