BIT-grafana-2026-28374

Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2026-28374.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-grafana-2026-28374
Aliases
  • CVE-2026-28374
Published
2026-05-15T08:42:31.522Z
Modified
2026-05-15T11:00:11.431304Z
Summary
IDOR in Annotations API allows unprivileged users to DELETE annotation
Details

Editors could delete any annotation, even annotations they do not have read access to. The editor user cannot create or read those annotations.

Database specific
{
    "cpes": [
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected ranges

Type
SEMVER
Events
  • Introduced 8.5.0, fixed 11.6.14
  • Introduced 12.0.0, fixed 12.2.8
  • Introduced 12.3.0, fixed 12.3.6
  • Introduced 12.4.0, fixed 12.4.3
  • Introduced 13.0.0, fixed 13.0.1

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2026-28374.json"