17 matches found
RHEL 9 : grafana (RHSA-2026:3529)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3529 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes:...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
BIT-GRAFANA-2026-21721 Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation during the creation of inventories and related inventory routing processes, which did not ensure that the...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation during the creation of inventories and related inventory routing processes, which did not ensure that the...
WeKan Security Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the card movement logic, where users could specify target dashboards, lists, or channels without proper authorization checks, an...
SUSE CVE-2026-21721
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege...
UBUNTU-CVE-2026-21721
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
CVE-2026-21721
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
CVE-2026-21721
CVE-2026-21721 — Grafana dashboard permissions scope bypass. The exposed issue arises because the dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. An authenticated user with permission-management rights on one dashboard can ...
EUVD-2026-4820
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
CVE-2026-21721 Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation
The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...
PT-2026-4878
Name of the Vulnerable Software and Affected Versions: versions prior to 2026-21721. Description: The dashboard permissions API does not verify the target dashboard scope, only checking the dashboards.permissions:* action. This allows a user with permission management rights on one dashboard to read...
Cross-dashboard privilege escalation via permission management
Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...