Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.
{ "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*" ], "severity": "High" }