CVE-2024-1442 Information

Description

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read query edit and delete all data sources within the organization.

Reference

https://grafana.com/security/security-advisories/cve-2024-1442/