
Grafana IDOR Vulnerability (GHSA-63g3-9jq3-mccv) CVE-2022-21713

Severity
CVSSv3 Score: 4.3
Vulnerability description

Grafana is prone to an insecure direct object reference (IDOR) vulnerability on Grafana Teams APIs.

Risk description

This vulnerability only impacts the following API endpoints:
- /teams/:teamId - an authenticated attacker can view unintended data by querying for the specific team ID.
- /teams/:search - an authenticated attacker can search for teams and see the total number of available teams, including those teams that the user does not have access to.
- /teams/:teamId/members - when the editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.

Recommendation

Update to version 7.5.15, 8.3.5 or later.
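The check below is an added example for this entry; it is not code from Pentest-Tools.com or from the Grafana project. It turns the two facts the entry gives (the fixed releases 7.5.15 and 8.3.5, and the three affected team endpoints) into a version triage routine and a request-path classifier that a defender can run over an instance's /api/health response and its access logs. Assumptions, beyond the page: Grafana's /api/health JSON carries a "version" field (it does on current releases); every release older than its branch's fix, and every major line older than 7.x, is treated as affected; pre-release builds (e.g. 8.3.5-beta1) are treated as older than the final release; team IDs in request paths are numeric; and the API paths may carry an /api prefix in logs. The health response is a constructed sample.

```python
"""Triage helpers for CVE-2022-21713 (Grafana Teams API IDOR).

Added example, not code from the Pentest-Tools.com entry or from Grafana.
Facts taken from the entry: fixed releases 7.5.15 and 8.3.5; affected
endpoints /teams/:teamId, /teams/:search, /teams/:teamId/members.
Everything else below is an assumption and is labelled as such.
"""
import json
import re
from typing import Dict, Optional, Tuple

# Fixed releases per major line, from the entry. The trailing 1 marks a final
# (non-pre-release) build so that "8.3.5-beta1" sorts before "8.3.5".
FIXED_VERSIONS: Dict[int, Tuple[int, int, int, int]] = {
    7: (7, 5, 15, 1),
    8: (8, 3, 5, 1),
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-prerelease]' into a comparable tuple.

    The fourth element is 1 for a final release and 0 for a pre-release,
    so a pre-release compares as older than the final build of the same
    number (assumption: Grafana pre-releases predate the final release).
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Grafana version string: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    is_final = 0 if m.group(4) else 1
    return (major, minor, patch, is_final)


def is_vulnerable(version: str) -> bool:
    """True when the reported version predates the fixed release for its line.

    Assumption: 9.x and later ship the fix; major lines older than 7.x have
    no fixed release listed on the entry and are treated as affected.
    """
    v = parse_version(version)
    major = v[0]
    if major > 8:
        return False
    if major in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[major]
    return True


# Constructed sample of a Grafana /api/health response (assumed field layout).
SAMPLE_HEALTH = '{"commit": "constructed", "database": "ok", "version": "8.3.4"}'


def assess_health(health_json: str) -> Dict[str, object]:
    """Read the version out of an /api/health body and triage it."""
    data = json.loads(health_json)
    version = str(data["version"])
    return {"version": version, "vulnerable": is_vulnerable(version)}


# Request-path patterns for the three endpoints the entry lists. Assumptions:
# an optional /api prefix in access logs, numeric team IDs, and that a query
# string or trailing path may follow.
TEAM_ENDPOINTS = [
    (re.compile(r"^(?:/api)?/teams/search(?:[/?].*)?$"), "/teams/:search"),
    (re.compile(r"^(?:/api)?/teams/(\d+)/members(?:[/?].*)?$"), "/teams/:teamId/members"),
    (re.compile(r"^(?:/api)?/teams/(\d+)(?:[/?].*)?$"), "/teams/:teamId"),
]


def classify_path(path: str) -> Optional[str]:
    """Map a request path to the affected endpoint it hits, or None.

    Useful for counting how often the team endpoints were exercised on an
    instance that was still on an affected release.
    """
    for pattern, label in TEAM_ENDPOINTS:
        if pattern.match(path):
            return label
    return None


if __name__ == "__main__":
    print(assess_health(SAMPLE_HEALTH))
    for p in ("/api/teams/42", "/api/teams/search?query=ops",
              "/api/teams/42/members", "/api/dashboards/home"):
        print(p, "->", classify_path(p))
```

Run it against a real instance by fetching /api/health yourself and passing the body to assess_health; the path classifier is meant to be fed the request path column of the reverse-proxy or Grafana access log for the period during which the instance was on an affected release.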

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 8, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available