CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 24.8%

Grafana is vulnerable to privilege escalation. An attacker can take over another user's account in the Grafana instance by supplying a login name through the specified OAuth IdP when the attacker's external user ID is linked to a Grafana account and the attacker knows the Grafana user name of the target user.
github.com/grafana/grafana/commit/756939ac2a76c97518bbe633c6b2b4d64fe615c0
github.com/grafana/grafana/commit/967e17d7ef6bc62a108add33ea699710f0e15870
github.com/grafana/grafana/commit/c5aa4f48690d01c5c3bcdd4ab3b2f957f7637c2b
github.com/grafana/grafana/commit/c9492585b586ae936080641bd302743a06c3aadb
github.com/grafana/grafana/issues/395
github.com/grafana/grafana/issues/397
github.com/grafana/grafana/issues/399
github.com/grafana/grafana/pull/401
github.com/grafana/grafana/pull/52218
github.com/grafana/grafana/pull/52236
github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2
grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/
grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/
grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/
security.netapp.com/advisory/ntap-20220901-0010/