CVE-2024-1442

2024-03-0719:38:05

redhat.com

access.redhat.com

grafana

api

data source

uid

security risk

unauthorized access

data breaches

privacy violations

compliance issues

access controls

monitoring

mitigation

red hat product

stability

6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A flaw was found in Grafana, where setting the Grafana API Data Source UID to ‘’ Grants Unrestricted Access, grants a user the ability to set the UID to '’ via the Grafana API poses a severe security risk. This issue enables unauthorized access to read, query, edit, and delete all data sources within the organization. Such unrestricted access can lead to data breaches, manipulation, privacy violations, and compliance issues, emphasizing the critical importance of implementing stringent access controls and monitoring API usage.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.