Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-41244  

A security issue has been found in Grafana 8.0 before version 8.2.4. When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, users with the Organization Admin role can list, add, remove, and update users’ roles in other organizations in which they are not an admin.

Source
Severity Critical

Remote Yes

Type Access restriction bypass

Description 

A security issue has been found in Grafana 8.0 before version 8.2.4. When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, users with the Organization Admin role can list, add, remove, and update users’ roles in other organizations in which they are not an admin.

AVG-2559 grafana 8.2.3-1 8.2.4-1 Critical Fixed 

https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx
https://github.com/grafana/grafana/commit/5fb0bd30e88e8c9211c42c94539c5297e3629d36

Workaround
==========

If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started