github.com/grafana/grafana is vulnerable to Access Control Bypass. The vulnerability exists due to a lack of write authorization checks in authorization.go, which allows an attacker with the viewer role to send a test alert using the API, as well as block SMTP servers.
github.com/advisories/GHSA-cvm3-pp2j-chr3
github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3
github.com/grafana/grafana/commit/157004db287ce04cfd2d665937aa91ba81680239
github.com/grafana/grafana/commit/4b92020636ec468f9c37b5fa44286f7c5eb9fffe
github.com/grafana/grafana/commit/7078e75abf89816c0910592dac01ee6db5f39bf3
github.com/grafana/grafana/commit/8f0a89e8188b61dfc766a8c561be60f2be8ac167
github.com/grafana/grafana/commit/d5ff95cc42e845b76d16dbfd7bb1fc97a1064ea6
grafana.com/security/security-advisories/cve-2023-2183/
security.netapp.com/advisory/ntap-20230706-0002/