Published: 08/02/2022 Updated: 07/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated malicious user to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated malicious user to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grafana grafana
grafana grafana 5.0.0
netapp e-series performance analyzer
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36

Synopsis Important: grafana security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for grafana is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...

Synopsis Important: Red Hat OpenShift Service Mesh 231 Containers security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 231 ContainersRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...

Grafana is an open-source platform for monitoring and observability Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to ...

Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2022-21702, CVE-2022-21703, CVE-2022-21713 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

CWE-639 https://github.com/grafana/grafana/pull/45083 https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv https://security.netapp.com/advisory/ntap-20220303-0005/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/https://access.redhat.com/errata/RHSA-2022:8057 https://nvd.nist.gov https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-116/index.html

CVE-2022-21713

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect