10 matches found
EUVD-2026-42109
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2026-28378
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2026-28378
The CVE-2026-28378 entry describes a vulnerability in Grafana where the public dashboard deletion endpoint does not enforce organization isolation. An Org Admin in one organization can delete public dashboards belonging to another organization by supplying the target dashboard identifiers. Impact...
PT-2026-53931
Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...
CVE-2026-21727
--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...
CVE-2024-4147 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...
CVE-2026-0713
The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...
PT-2026-2986
Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A security issue exists in the /apis/dashboard.grafana.app/ API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions v0alpha1,...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
UBUNTU-CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...