CVE-2021-27962

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-27962
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27962.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-27962
Aliases
Downstream
Related
Published
2021-03-22T14:15:14.023Z
Modified
2026-04-10T04:31:37.404780Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.

References

Affected packages

Git / github.com/grafana/grafana

Affected ranges

Type
GIT
Repo
https://github.com/grafana/grafana
Events
Introduced
efe4941ee38fb86062142a359640ede0abf66ac0
Fixed
43e9cd2a02a7bcb955d95e6d9e330a4795380777
Introduced
c2203b985929c0273afe132b0df7a06859b41b24
Fixed
8a2c78d3f82ab36c1c53e745a755f0e63f01f360
Database specific 
{
    "versions": [
        {
            "introduced": "7.2.0"
        },
        {
            "fixed": "7.3.10"
        },
        {
            "introduced": "7.4.0"
        },
        {
            "fixed": "7.4.5"
        }
    ]
}

Affected versions

v7.*
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27962.json"