BIT-grafana-2026-28380

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2026-28380.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-grafana-2026-28380
Aliases
  • CVE-2026-28380
Published
2026-05-15T08:42:38.869Z
Modified
2026-05-15T11:00:11.318571Z
Summary
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Details

Any Editor could delete any snapshot, even if they have no access to read or write them.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:grafana:grafana:*:*:*:*:*:go:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / grafana

Package

Name
grafana
Purl
pkg:bitnami/grafana

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
9.4.0
Fixed
11.6.14
Introduced
12.0.0
Fixed
12.2.8
Introduced
12.3.0
Fixed
12.3.6
Introduced
12.4.0
Fixed
12.4.3
Introduced
13.0.0
Fixed
13.0.1

Database specific

source 
"https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2026-28380.json"