CVE-2024-6322
CVSS V2 None
CVSS V3 None
Description
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
Overview
- CVE ID
- CVE-2024-6322
- Assigner
- GRAFANA
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-20T17:52:06.232Z
- Last Modified Date
- 2024-08-20T17:52:06.232Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://grafana.com/security/security-advisories/cve-2024-6322/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6322 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6322 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-21 13:08:08 | Added to TrackCVE |