FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Incorrect Access Control

Affected packages
8.0.0 <= grafana < 8.2.4
8.0.0 <= grafana8 < 8.2.4

Details

VuXML ID: 99bff2bd-4852-11ec-a828-6c3be5272acd
Discovery: 2021-11-02
Entry: 2021-12-11

Grafana Labs reports:

When the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.

References

CVE Name: CVE-2021-41244
URL: https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/