Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability
{ "cpes": [ "cpe:2.3:a:grafana:grafana:8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*" ], "severity": "High" }