Exploit Report

Computer Security And Bug Information

CVE-2022-36062

CVECVE-2022-36062
CVE Ordinal Value241783
Published Date2022-09-22T18:15Z
Modified Date2022-09-22T19:24Z
CWE TypeCWE-281
DescriptionGrafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/grafana/grafana/security/advisories/GHSA-p978-56hq-r492
Reference DescriptionCONFIRM https://github.com/grafana/grafana/security/advisories/GHSA-p978-56hq-r492
Reference Description
Sources NIST MITRE
Note
  • No CVSS data for this CVE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles