2 matches found
Grafana -- User deletion issue
Grafana Labs reports: On April 15, we discovered a vulnerability that stems from the user deletion logic associated with organization administrators. An organization admin could remove any user from the specific organization they manage. Additionally, they have the power to delete users entirely...
Grafana -- Authorization bypass in data source proxy API
Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, effects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...