8 matches found
openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:1162-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1162-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...
openSUSE 15 Security Update : grafana (openSUSE-SU-2021:1148-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1148-1 advisory. - The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a...
openSUSE 15 Security Update : grafana (openSUSE-SU-2021:2662-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2662-1 advisory. - The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a...
openSUSE 15 Security Update : SUSE Manager Client Tools (openSUSE-SU-2021:2675-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2675-1 advisory. - Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning...
Grafana 6.1.0-beta1 - 7.4.3 Access Control Bypass Vulnerability
Grafana is prone to an access control bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28147
CVE-2021-28147 affects Grafana Enterprise: when external authentication is in use and EditorsCanAdmin is enabled, any authenticated user can add external groups to any existing team due to an Incorrect Access Control flaw. Affected versions include Grafana Enterprise 6.x prior to 6.7.6, 7.x prior...