12 matches found
GO-2026-5219 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...
BIT-GRAFANA-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...
EUVD-2026-16338
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...
GHSA-7G92-G4VH-HP84 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...
CVE-2026-21724
Grafana OSS vulnerability CVE-2026-21724: a flaw in the Provisioning Contact Points API allows users with Editor role to bypass authorization and modify protected webhook URLs without the alert.notifications.protected:write permission. Impact is limited to unauthorized changes to protected webhoo...
Missing Protected-field Authorization in Provisioning Contact Points API
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...