Lucene search
K

7 matches found

OSV
OSV
added 2026/04/06 7:50 a.m.2 views

BIT-GRAFANA-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.8AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:32 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:32 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/26 9:31 p.m.7 views

EUVD-2026-16338

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 8:6 p.m.22 views

CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 8:6 p.m.2 views

CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.7 views

CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder