Organization admin can delete server admin in Grafana
An access control vulnerability was discovered in Grafana where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: An Organization administrator exists...