7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
github.com/grafana/grafana is vulnerable to authentication bypass. The library does not properly restrict access to literal paths, allowing unauthenticated users to modify data.
www.openwall.com/lists/oss-security/2021/10/05/4
github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269
github.com/grafana/grafana/pull/36325
github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9
grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-11/
grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/
lists.fedoraproject.org/archives/list/[email protected]/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/
lists.fedoraproject.org/archives/list/[email protected]/message/E6ANHRDBXQT6TURLP2THM26ZPDINFBEG/
security.netapp.com/advisory/ntap-20211029-0008/
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P