漏洞标题
N/A
漏洞描述信息
Grafana 是一个开源平台,用于监控和观测。这个漏洞影响了多个组织的 Grafana 实例,并允许在一个组织中拥有组织管理员权限的用户更改所有组织中与组织查看器、组织编辑器和组织管理员角色相关的权限。
它还允许组织管理员将他们所掌握的任何权限分配给或撤销 globally 的任何用户。
这意味着任何组织管理员可以在他们已经是该组织成员的任何组织中提高其权限,或提高或限制其他用户的权限。
这个漏洞不允许用户成为他们不是已经属于该组织的成员的组织的会员,或者将任何其他用户添加到当前用户不属于该组织的组织的组织中。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
特权管理不恰当
漏洞标题
N/A
漏洞描述信息
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.
It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.
This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.
The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
漏洞类别
特权管理不恰当
漏洞标题
Grafana 安全漏洞
漏洞描述信息
Grafana是Grafana开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在安全漏洞。攻击者利用该漏洞可以提升权限。
CVSS信息
N/A
漏洞类别
其他